Sign-up

ID

VAR-201801-1053


CVE

CVE-2018-0102


TITLE

Cisco NX-OS Resource management vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-001515

DESCRIPTION

A vulnerability in the Pong tool of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software attempts to free the same area of memory twice. An attacker could exploit this vulnerability by sending a pong request to an affected device from a location on the network that causes the pong reply packet to egress both a FabricPath port and a non-FabricPath port. An exploit could allow the attacker to cause a dual or quad supervisor virtual port-channel (vPC) to reload. This vulnerability affects the following products when running Cisco NX-OS Software Release 7.2(1)D(1), 7.2(2)D1(1), or 7.2(2)D1(2) with both the Pong and FabricPath features enabled and the FabricPath port is actively monitored via a SPAN session: Cisco Nexus 7000 Series Switches and Cisco Nexus 7700 Series Switches. Cisco Bug IDs: CSCuv98660. Cisco NX-OS Contains a resource management vulnerability. Vendors have confirmed this vulnerability Bug ID CSCuv98660 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. NX-OS Software is a data center operating system that runs on it

Trust: 1.98

sources: NVD: CVE-2018-0102 // JVNDB: JVNDB-2018-001515 // BID: 102728 // VULHUB: VHN-118304

AFFECTED PRODUCTS

vendor:ciscomodel:nx-osscope:eqversion:7.2\(2\)d1\(1\)

Trust: 1.6

vendor:ciscomodel:nx-osscope:eqversion:7.2\(2\)d1\(2\)

Trust: 1.6

vendor:ciscomodel:nx-osscope:eqversion:7.2\(1\)d\(1\)

Trust: 1.6

vendor:ciscomodel:nx-osscope:eqversion:7.2(1)d(1)

Trust: 0.8

vendor:ciscomodel:nx-osscope:eqversion:7.2(2)d1(1)

Trust: 0.8

vendor:ciscomodel:nx-osscope:eqversion:7.2(2)d1(2)

Trust: 0.8

vendor:ciscomodel:nx-os 7.2 d1scope: - version: -

Trust: 0.6

vendor:ciscomodel:nx-os 7.2 dscope: - version: -

Trust: 0.3

vendor:ciscomodel:nexus series switches 7.3 pdbscope:eqversion:7000

Trust: 0.3

vendor:ciscomodel:nx-os 7.3 d1scope:neversion: -

Trust: 0.3

vendor:ciscomodel:nexus series switches 7.3 d1scope:neversion:7000

Trust: 0.3

sources: BID: 102728 // JVNDB: JVNDB-2018-001515 // CNNVD: CNNVD-201801-618 // NVD: CVE-2018-0102

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0102
value: HIGH

Trust: 1.0

NVD: CVE-2018-0102
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201801-618
value: HIGH

Trust: 0.6

VULHUB: VHN-118304
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-0102
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-118304
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0102
baseSeverity: HIGH
baseScore: 7.4
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 4.0
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-118304 // JVNDB: JVNDB-2018-001515 // CNNVD: CNNVD-201801-618 // NVD: CVE-2018-0102

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.9

problemtype:CWE-415

Trust: 1.1

sources: VULHUB: VHN-118304 // JVNDB: JVNDB-2018-001515 // NVD: CVE-2018-0102

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201801-618

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201801-618

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-001515

PATCH
title:cisco-sa-20180117-nx-osurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-nx-os
Trust: 0.8
title:Cisco Nexus 7000 Series Switches  and 7700 Series Switches Cisco NX-OS Software Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77798
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-001515 // 
            
            
            
            CNNVD: CNNVD-201801-618

EXTERNAL IDS
db:NVDid:CVE-2018-0102
Trust: 2.8
db:BIDid:102728
Trust: 2.0
db:SECTRACKid:1040219
Trust: 1.7
db:JVNDBid:JVNDB-2018-001515
Trust: 0.8
db:CNNVDid:CNNVD-201801-618
Trust: 0.7
db:VULHUBid:VHN-118304
Trust: 0.1
sources:
            
            
            VULHUB: VHN-118304 // 
            
            
            
            BID: 102728 // 
            
            
            
            JVNDB: JVNDB-2018-001515 // 
            
            
            
            CNNVD: CNNVD-201801-618 // 
            
            
            
            NVD: CVE-2018-0102

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180117-nx-os
Trust: 2.0
url:http://www.securityfocus.com/bid/102728
Trust: 1.7
url:http://www.securitytracker.com/id/1040219
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0102
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0102
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-118304 // 
            
            
            
            BID: 102728 // 
            
            
            
            JVNDB: JVNDB-2018-001515 // 
            
            
            
            CNNVD: CNNVD-201801-618 // 
            
            
            
            NVD: CVE-2018-0102

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 102728

SOURCES
db:VULHUBid:VHN-118304
db:BIDid:102728
db:JVNDBid:JVNDB-2018-001515
db:CNNVDid:CNNVD-201801-618
db:NVDid:CVE-2018-0102

LAST UPDATE DATE
2024-11-23T22:59:07.473000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-118304date:2019-10-09T00:00:00
db:BIDid:102728date:2018-01-17T00:00:00
db:JVNDBid:JVNDB-2018-001515date:2018-02-22T00:00:00
db:CNNVDid:CNNVD-201801-618date:2019-10-17T00:00:00
db:NVDid:CVE-2018-0102date:2024-11-21T03:37:31.487

SOURCES RELEASE DATE
db:VULHUBid:VHN-118304date:2018-01-18T00:00:00
db:BIDid:102728date:2018-01-17T00:00:00
db:JVNDBid:JVNDB-2018-001515date:2018-02-22T00:00:00
db:CNNVDid:CNNVD-201801-618date:2018-01-22T00:00:00
db:NVDid:CVE-2018-0102date:2018-01-18T06:29:01.097