Sign-up

ID

VAR-201806-0990


CVE

CVE-2018-0305


TITLE

Cisco FXOS and NX-OS In software NULL Pointer dereference vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-006583

DESCRIPTION

A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. The vulnerability exists because the affected software insufficiently validates Cisco Fabric Services packets. An attacker could exploit this vulnerability by sending a crafted Cisco Fabric Services packet to an affected device. A successful exploit could allow the attacker to force a NULL pointer dereference and cause a DoS condition. This vulnerability affects the following if configured to use Cisco Fabric Services: Firepower 4100 Series Next-Generation Firewalls, Firepower 9300 Security Appliance, MDS 9000 Series Multilayer Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, UCS 6100 Series Fabric Interconnects, UCS 6200 Series Fabric Interconnects, UCS 6300 Series Fabric Interconnects. Cisco Bug IDs: CSCvd69966, CSCve02435, CSCve04859, CSCve41590, CSCve41593, CSCve41601. Vendors have confirmed this vulnerability Bug ID CSCvd69966 , CSCve02435 , CSCve04859 , CSCve41590 , CSCve41593 ,and CSCve41601 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. Cisco Firepower 4100 Series Next-Generation Firewalls and so on are all products of Cisco. The Cisco Firepower 4100 Series Next-Generation Firewall is a 4100 series firewall device. MDS9000SeriesMultilayerSwitches is a switch device. FXOSSoftware is a suite of firewall software running on Cisco security appliances. NX-OSSoftware is a suite of data center-level operating system software running on Cisco switch devices. FabricServices is one of the Fabric service components

Trust: 2.25

sources: NVD: CVE-2018-0305 // JVNDB: JVNDB-2018-006583 // CNVD: CNVD-2018-14571 // VULHUB: VHN-118507

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-14571

AFFECTED PRODUCTS

vendor:ciscomodel:nexus 9000scope:eqversion:8.1\(1\)s5

Trust: 1.6

vendor:ciscomodel:nexus 5000scope:eqversion:7.0\(0\)hsk\(0.357\)

Trust: 1.6

vendor:ciscomodel:nexus 5000scope:eqversion:8.8\(0.1\)

Trust: 1.6

vendor:ciscomodel:firepower 9000scope:eqversion:r211

Trust: 1.6

vendor:ciscomodel:nexus 5000scope:eqversion:8.1\(0.2\)s0

Trust: 1.6

vendor:ciscomodel:unified computing systemscope:eqversion:3.1\(3a\)a

Trust: 1.6

vendor:ciscomodel:nexus 7000scope:eqversion:8.0\(1\)

Trust: 1.6

vendor:ciscomodel:unified computing systemscope:eqversion:7.0\(0\)hsk\(0.357\)

Trust: 1.6

vendor:ciscomodel:firepower 9000scope:eqversion:r231

Trust: 1.6

vendor:ciscomodel:nexus 9000scope:eqversion:8.1\(0\)bd\(0.20\)

Trust: 1.6

vendor:ciscomodel:nexus 5000scope: - version: -

Trust: 0.8

vendor:ciscomodel:nexus 7000scope: - version: -

Trust: 0.8

vendor:ciscomodel:nexus 9000scope: - version: -

Trust: 0.8

vendor:ciscomodel:unified computing systemscope: - version: -

Trust: 0.8

vendor:ciscomodel:firepower 9000scope: - version: -

Trust: 0.8

vendor:ciscomodel:nexus series switchescope:eqversion:3000

Trust: 0.6

vendor:ciscomodel:nexus series switchesscope:eqversion:7000

Trust: 0.6

vendor:ciscomodel:nexus series switchesscope:eqversion:6000

Trust: 0.6

vendor:ciscomodel:nexus series switchesscope:eqversion:7700

Trust: 0.6

vendor:ciscomodel:nexus platform switchesscope:eqversion:5600

Trust: 0.6

vendor:ciscomodel:nexus platform switchesscope:eqversion:5500

Trust: 0.6

vendor:ciscomodel:nexus platform switchesscope:eqversion:3500

Trust: 0.6

vendor:ciscomodel:nexus r-series line cards and fabric modulesscope:eqversion:9500

Trust: 0.6

vendor:ciscomodel:mds series multilayer switchesscope:eqversion:9000

Trust: 0.6

vendor:ciscomodel:nexus series switchesscope:eqversion:9000

Trust: 0.6

vendor:ciscomodel:ucs series fabric interconnectsscope:eqversion:6100

Trust: 0.6

vendor:ciscomodel:ucs series fabric interconnectsscope:eqversion:6300

Trust: 0.6

vendor:ciscomodel:nexus series fabric extendersscope:eqversion:2000

Trust: 0.6

vendor:ciscomodel:ucs series fabric interconnectsscope:eqversion:6200

Trust: 0.6

vendor:ciscomodel:firepower series next-generation firewallsscope:eqversion:41000

Trust: 0.6

vendor:ciscomodel:firepower security appliancescope:eqversion:9300

Trust: 0.6

sources: CNVD: CNVD-2018-14571 // JVNDB: JVNDB-2018-006583 // CNNVD: CNNVD-201806-1125 // NVD: CVE-2018-0305

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0305
value: HIGH

Trust: 1.0

NVD: CVE-2018-0305
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-14571
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201806-1125
value: HIGH

Trust: 0.6

VULHUB: VHN-118507
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-0305
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-14571
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-118507
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0305
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.0
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-14571 // VULHUB: VHN-118507 // JVNDB: JVNDB-2018-006583 // CNNVD: CNNVD-201806-1125 // NVD: CVE-2018-0305

PROBLEMTYPE DATA

problemtype:CWE-476

Trust: 1.9

sources: VULHUB: VHN-118507 // JVNDB: JVNDB-2018-006583 // NVD: CVE-2018-0305

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201806-1125

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-201806-1125

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-006583

PATCH
title:cisco-sa-20180620-fx-os-fabric-dosurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-fx-os-fabric-dos
Trust: 0.8
title:Patches for multiple Cisco products FXOSSoftware and NX-OSSoftwareFabricServices component denial of service vulnerability (CNVD-2018-14571)url:https://www.cnvd.org.cn/patchInfo/show/136273
Trust: 0.6
title:Multiple Cisco product FXOS Software  and NX-OS Software Fabric Services Fixes for component security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=81456
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-14571 // 
            
            
            
            JVNDB: JVNDB-2018-006583 // 
            
            
            
            CNNVD: CNNVD-201806-1125

EXTERNAL IDS
db:NVDid:CVE-2018-0305
Trust: 3.1
db:SECTRACKid:1041169
Trust: 1.7
db:JVNDBid:JVNDB-2018-006583
Trust: 0.8
db:CNNVDid:CNNVD-201806-1125
Trust: 0.7
db:CNVDid:CNVD-2018-14571
Trust: 0.6
db:VULHUBid:VHN-118507
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-14571 // 
            
            
            
            VULHUB: VHN-118507 // 
            
            
            
            JVNDB: JVNDB-2018-006583 // 
            
            
            
            CNNVD: CNNVD-201806-1125 // 
            
            
            
            NVD: CVE-2018-0305

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180620-fx-os-fabric-dos
Trust: 2.3
url:http://www.securitytracker.com/id/1041169
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0305
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0305
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2018-14571 // 
            
            
            
            VULHUB: VHN-118507 // 
            
            
            
            JVNDB: JVNDB-2018-006583 // 
            
            
            
            CNNVD: CNNVD-201806-1125 // 
            
            
            
            NVD: CVE-2018-0305

SOURCES
db:CNVDid:CNVD-2018-14571
db:VULHUBid:VHN-118507
db:JVNDBid:JVNDB-2018-006583
db:CNNVDid:CNNVD-201806-1125
db:NVDid:CVE-2018-0305

LAST UPDATE DATE
2024-11-23T21:38:48.930000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-14571date:2018-08-05T00:00:00
db:VULHUBid:VHN-118507date:2019-10-09T00:00:00
db:JVNDBid:JVNDB-2018-006583date:2018-08-27T00:00:00
db:CNNVDid:CNNVD-201806-1125date:2019-10-17T00:00:00
db:NVDid:CVE-2018-0305date:2024-11-21T03:37:56.417

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-14571date:2018-08-03T00:00:00
db:VULHUBid:VHN-118507date:2018-06-21T00:00:00
db:JVNDBid:JVNDB-2018-006583date:2018-08-27T00:00:00
db:CNNVDid:CNNVD-201806-1125date:2018-06-22T00:00:00
db:NVDid:CVE-2018-0305date:2018-06-21T11:29:00.477