Sign-up

ID

VAR-201806-0995


CVE

CVE-2018-0310


TITLE

Cisco FXOS and NX-OS Software resource management vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-006584

DESCRIPTION

A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to obtain sensitive information from memory or cause a denial of service (DoS) condition on the affected product. The vulnerability exists because the affected software insufficiently validates header values in Cisco Fabric Services packets. An attacker could exploit this vulnerability by sending a crafted Cisco Fabric Services packet to an affected device. A successful exploit could allow the attacker to cause a buffer overread condition, which could allow the attacker to obtain sensitive information from memory or cause a DoS condition on the affected product. This vulnerability affects Firepower 4100 Series Next-Generation Firewalls, Firepower 9300 Security Appliance, MDS 9000 Series Multilayer Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, UCS 6100 Series Fabric Interconnects, UCS 6200 Series Fabric Interconnects, UCS 6300 Series Fabric Interconnects. Cisco Bug IDs: CSCvd69957, CSCve02435, CSCve04859, CSCve41536, CSCve41538, CSCve41559. Cisco FXOS and NX-OS The software contains a resource management vulnerability. Vendors have confirmed this vulnerability Bug ID CSCvd69957 , CSCve02435 , CSCve04859 , CSCve41536 , CSCve41538 ,and CSCve41559 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Cisco Firepower 4100 Series Next-Generation Firewalls and so on are all products of Cisco. The Cisco Firepower 4100 Series Next-Generation Firewall is a 4100 series firewall device. MDS9000SeriesMultilayerSwitches is a switch device. FXOSSoftware is a suite of firewall software running on Cisco security appliances. NX-OSSoftware is a suite of data center-level operating system software running on Cisco switch devices. FabricServices is one of the Fabric service components

Trust: 2.34

sources: NVD: CVE-2018-0310 // JVNDB: JVNDB-2018-006584 // CNVD: CNVD-2018-14569 // VULHUB: VHN-118512 // VULMON: CVE-2018-0310

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-14569

AFFECTED PRODUCTS

vendor:ciscomodel:nx-osscope:eqversion:8.1\(0.2\)s0

Trust: 1.6

vendor:ciscomodel:nx-osscope:eqversion:3.1\(3a\)a

Trust: 1.6

vendor:ciscomodel:nx-osscope:eqversion:8.0\(1\)

Trust: 1.6

vendor:ciscomodel:nx-osscope:eqversion:9.9\(0.902\)

Trust: 1.6

vendor:ciscomodel:nx-osscope:eqversion:8.8\(3.5\)s0

Trust: 1.6

vendor:ciscomodel:nx-osscope:eqversion:7.0\(0\)hsk\(0.357\)

Trust: 1.6

vendor:ciscomodel:nx-osscope:eqversion:8.8\(0.1\)

Trust: 1.6

vendor:ciscomodel:nx-osscope:eqversion:7.0\(3\)i4\(7\)

Trust: 1.6

vendor:ciscomodel:nx-osscope:eqversion:7.0\(3\)i7\(1\)

Trust: 1.6

vendor:ciscomodel:firepower extensible operating systemscope:ltversion:2.0.1.153

Trust: 1.0

vendor:ciscomodel:firepower extensible operating systemscope:ltversion:2.1.1.86

Trust: 1.0

vendor:ciscomodel:firepower extensible operating systemscope:ltversion:2.2.1.70

Trust: 1.0

vendor:ciscomodel:firepower extensible operating systemscope:ltversion:1.1.4.179

Trust: 1.0

vendor:ciscomodel:firepower extensible operating systemscope:gteversion:2.2.1

Trust: 1.0

vendor:ciscomodel:firepower extensible operating systemscope:gteversion:2.0

Trust: 1.0

vendor:ciscomodel:firepower extensible operating systemscope:gteversion:2.2.2

Trust: 1.0

vendor:ciscomodel:firepower extensible operating systemscope:gteversion:2.1.1

Trust: 1.0

vendor:ciscomodel:firepower extensible operating systemscope:ltversion:2.2.2.17

Trust: 1.0

vendor:ciscomodel:firepower extensible operating systemscope:gteversion:1.1

Trust: 1.0

vendor:ciscomodel:nx-osscope: - version: -

Trust: 0.8

vendor:ciscomodel:fx-osscope: - version: -

Trust: 0.8

vendor:ciscomodel:nexus series switchescope:eqversion:3000

Trust: 0.6

vendor:ciscomodel:nexus series switchesscope:eqversion:7000

Trust: 0.6

vendor:ciscomodel:nexus series switchesscope:eqversion:6000

Trust: 0.6

vendor:ciscomodel:nexus series switchesscope:eqversion:7700

Trust: 0.6

vendor:ciscomodel:nexus platform switchesscope:eqversion:5600

Trust: 0.6

vendor:ciscomodel:nexus platform switchesscope:eqversion:5500

Trust: 0.6

vendor:ciscomodel:nexus platform switchesscope:eqversion:3500

Trust: 0.6

vendor:ciscomodel:nexus r-series line cards and fabric modulesscope:eqversion:9500

Trust: 0.6

vendor:ciscomodel:mds series multilayer switchesscope:eqversion:9000

Trust: 0.6

vendor:ciscomodel:nexus series switchesscope:eqversion:9000

Trust: 0.6

vendor:ciscomodel:ucs series fabric interconnectsscope:eqversion:6100

Trust: 0.6

vendor:ciscomodel:ucs series fabric interconnectsscope:eqversion:6200

Trust: 0.6

vendor:ciscomodel:nexus series fabric extendersscope:eqversion:2000

Trust: 0.6

vendor:ciscomodel:firepower series next-generation firewallsscope:eqversion:41000

Trust: 0.6

vendor:ciscomodel:firepower security appliancescope:eqversion:9300

Trust: 0.6

sources: CNVD: CNVD-2018-14569 // JVNDB: JVNDB-2018-006584 // CNNVD: CNNVD-201806-1122 // NVD: CVE-2018-0310

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0310
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-0310
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2018-14569
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201806-1122
value: CRITICAL

Trust: 0.6

VULHUB: VHN-118512
value: HIGH

Trust: 0.1

VULMON: CVE-2018-0310
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-0310
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2018-14569
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-118512
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0310
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-14569 // VULHUB: VHN-118512 // VULMON: CVE-2018-0310 // JVNDB: JVNDB-2018-006584 // CNNVD: CNNVD-201806-1122 // NVD: CVE-2018-0310

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.9

problemtype:CWE-125

Trust: 1.1

sources: VULHUB: VHN-118512 // JVNDB: JVNDB-2018-006584 // NVD: CVE-2018-0310

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201806-1122

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201806-1122

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-006584

PATCH
title:cisco-sa-20180620-nx-os-fabric-dosurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nx-os-fabric-dos
Trust: 0.8
title:Patches for multiple Cisco products FXOSSoftware and NX-OSSoftwareFabricServices component denial of service vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/136267
Trust: 0.6
title:Multiple Cisco product FXOS Software  and NX-OS Software Fabric Services Fixes for component resource management error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=81453
Trust: 0.6
title:Cisco: Cisco FXOS and NX-OS Software Cisco Fabric Services Denial of Service Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20180620-nx-os-fabric-dos
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-14569 // 
            
            
            
            VULMON: CVE-2018-0310 // 
            
            
            
            JVNDB: JVNDB-2018-006584 // 
            
            
            
            CNNVD: CNNVD-201806-1122

EXTERNAL IDS
db:NVDid:CVE-2018-0310
Trust: 3.2
db:SECTRACKid:1041169
Trust: 1.8
db:JVNDBid:JVNDB-2018-006584
Trust: 0.8
db:CNNVDid:CNNVD-201806-1122
Trust: 0.7
db:CNVDid:CNVD-2018-14569
Trust: 0.6
db:VULHUBid:VHN-118512
Trust: 0.1
db:VULMONid:CVE-2018-0310
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-14569 // 
            
            
            
            VULHUB: VHN-118512 // 
            
            
            
            VULMON: CVE-2018-0310 // 
            
            
            
            JVNDB: JVNDB-2018-006584 // 
            
            
            
            CNNVD: CNNVD-201806-1122 // 
            
            
            
            NVD: CVE-2018-0310

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180620-nx-os-fabric-dos
Trust: 2.5
url:http://www.securitytracker.com/id/1041169
Trust: 1.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0310
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0310
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/125.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-14569 // 
            
            
            
            VULHUB: VHN-118512 // 
            
            
            
            VULMON: CVE-2018-0310 // 
            
            
            
            JVNDB: JVNDB-2018-006584 // 
            
            
            
            CNNVD: CNNVD-201806-1122 // 
            
            
            
            NVD: CVE-2018-0310

SOURCES
db:CNVDid:CNVD-2018-14569
db:VULHUBid:VHN-118512
db:VULMONid:CVE-2018-0310
db:JVNDBid:JVNDB-2018-006584
db:CNNVDid:CNNVD-201806-1122
db:NVDid:CVE-2018-0310

LAST UPDATE DATE
2024-11-23T21:38:49.030000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-14569date:2018-08-03T00:00:00
db:VULHUBid:VHN-118512date:2019-10-09T00:00:00
db:VULMONid:CVE-2018-0310date:2019-10-09T00:00:00
db:JVNDBid:JVNDB-2018-006584date:2018-08-27T00:00:00
db:CNNVDid:CNNVD-201806-1122date:2019-10-17T00:00:00
db:NVDid:CVE-2018-0310date:2024-11-21T03:37:57.080

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-14569date:2018-08-03T00:00:00
db:VULHUBid:VHN-118512date:2018-06-21T00:00:00
db:VULMONid:CVE-2018-0310date:2018-06-21T00:00:00
db:JVNDBid:JVNDB-2018-006584date:2018-08-27T00:00:00
db:CNNVDid:CNNVD-201806-1122date:2018-06-22T00:00:00
db:NVDid:CVE-2018-0310date:2018-06-21T11:29:00.617