ID

VAR-201806-0998


CVE

CVE-2018-0313


TITLE

Cisco NX-OS Software input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-006853

DESCRIPTION

A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, remote attacker to send a malicious packet to the management interface on an affected system and execute a command-injection exploit. The vulnerability is due to incorrect input validation of user-supplied data to the NX-API subsystem. An attacker could exploit this vulnerability by sending a malicious HTTP or HTTPS packet to the management interface of an affected system that has the NX-API feature enabled. A successful exploit could allow the attacker to execute arbitrary commands with root privileges. Note: NX-API is disabled by default. This vulnerability affects MDS 9000 Series Multilayer Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules. Cisco Bug IDs: CSCvd47415, CSCve03216, CSCve03224, CSCve03234. Cisco NX-OS Software contains input validation and command injection vulnerabilities. The vendor has released this vulnerability as Bug IDs CSCvd47415, CSCve03216, CSCve03224, and CSCve03234. Information may be obtained or altered, and the system may be put into a denial-of-service (DoS) state. Cisco MDS 9000 Series Multilayer Switches and the other devices listed are all Cisco products. Nexus 2000 Series Fabric Extenders is a Nexus 2000 Series switch array extender. NX-OS Software is the data center-level operating system software that runs on these switches. The NX-API feature of NX-OS Software in several Cisco products has an arbitrary command execution vulnerability that results from the program failing to properly validate user-submitted data.

Trust: 2.25

sources: NVD: CVE-2018-0313 // JVNDB: JVNDB-2018-006853 // CNVD: CNVD-2018-12391 // VULHUB: VHN-118515

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-12391

AFFECTED PRODUCTS

vendor: cisco, model: nx-os, scope: eq, version: 8.1\(0.97\)s0

Trust: 1.6

vendor: cisco, model: nx-os, scope: eq, version: 8.1\(0\)bd\(0.20\)

Trust: 1.6

vendor: cisco, model: nx-os, scope: eq, version: 8.1\(1\)s5

Trust: 1.6

vendor: cisco, model: nx-os, scope: eq, version: 8.0\(1\)s20

Trust: 1.6

vendor: cisco, model: nx-os, scope: eq, version: -

Trust: 1.6

vendor: cisco, model: nx-os, scope: eq, version: 7.0\(0\)hsk\(0.357\)

Trust: 1.6

vendor: cisco, model: nx-os, scope: -, version: -

Trust: 0.8

vendor: cisco, model: nexus series switches, scope: eq, version: 3000

Trust: 0.6

vendor: cisco, model: nexus series switches, scope: eq, version: 7000

Trust: 0.6

vendor: cisco, model: nexus series switches, scope: eq, version: 6000

Trust: 0.6

vendor: cisco, model: nexus series switches, scope: eq, version: 7700

Trust: 0.6

vendor: cisco, model: nexus platform switches, scope: eq, version: 5600

Trust: 0.6

vendor: cisco, model: nexus platform switches, scope: eq, version: 5500

Trust: 0.6

vendor: cisco, model: nexus platform switches, scope: eq, version: 3500

Trust: 0.6

vendor: cisco, model: nexus r-series line cards and fabric modules, scope: eq, version: 9500

Trust: 0.6

vendor: cisco, model: mds series multilayer switches, scope: eq, version: 9000

Trust: 0.6

vendor: cisco, model: nexus series switches, scope: eq, version: 9000

Trust: 0.6

vendor: cisco, model: nexus series fabric extenders, scope: eq, version: 2000

Trust: 0.6

sources: CNVD: CNVD-2018-12391 // JVNDB: JVNDB-2018-006853 // CNNVD: CNNVD-201806-1120 // NVD: CVE-2018-0313

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0313
value: HIGH

Trust: 1.0

NVD: CVE-2018-0313
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-12391
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201806-1120
value: HIGH

Trust: 0.6

VULHUB: VHN-118515
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-0313
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-12391
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-118515
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0313
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2018-0313
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2018-12391 // VULHUB: VHN-118515 // JVNDB: JVNDB-2018-006853 // CNNVD: CNNVD-201806-1120 // NVD: CVE-2018-0313

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

problemtype:CWE-74

Trust: 1.1

problemtype:CWE-77

Trust: 0.9

sources: VULHUB: VHN-118515 // JVNDB: JVNDB-2018-006853 // NVD: CVE-2018-0313

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201806-1120

TYPE

injection

Trust: 0.6

sources: CNNVD: CNNVD-201806-1120

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-006853

PATCH

title: cisco-sa-20180620-nx-os-api-execution, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nx-os-api-execution

Trust: 0.8

title: Patches for the arbitrary command execution vulnerabilities in NX-OS Software in a variety of Cisco products, url: https://www.cnvd.org.cn/patchInfo/show/133293

Trust: 0.6

title: Fix for the input validation vulnerability in NX-OS Software in multiple Cisco products, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=81451

Trust: 0.6

sources: CNVD: CNVD-2018-12391 // JVNDB: JVNDB-2018-006853 // CNNVD: CNNVD-201806-1120

EXTERNAL IDS

db: NVD, id: CVE-2018-0313

Trust: 3.1

db: SECTRACK, id: 1041169

Trust: 1.7

db: JVNDB, id: JVNDB-2018-006853

Trust: 0.8

db: CNNVD, id: CNNVD-201806-1120

Trust: 0.7

db: CNVD, id: CNVD-2018-12391

Trust: 0.6

db: VULHUB, id: VHN-118515

Trust: 0.1

sources: CNVD: CNVD-2018-12391 // VULHUB: VHN-118515 // JVNDB: JVNDB-2018-006853 // CNNVD: CNNVD-201806-1120 // NVD: CVE-2018-0313

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180620-nx-os-api-execution

Trust: 2.3

url:http://www.securitytracker.com/id/1041169

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0313

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-0313

Trust: 0.8

sources: CNVD: CNVD-2018-12391 // VULHUB: VHN-118515 // JVNDB: JVNDB-2018-006853 // CNNVD: CNNVD-201806-1120 // NVD: CVE-2018-0313

SOURCES

db: CNVD, id: CNVD-2018-12391
db: VULHUB, id: VHN-118515
db: JVNDB, id: JVNDB-2018-006853
db: CNNVD, id: CNNVD-201806-1120
db: NVD, id: CVE-2018-0313

LAST UPDATE DATE

2024-11-23T21:38:49.106000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2018-12391, date: 2018-06-30T00:00:00
db: VULHUB, id: VHN-118515, date: 2020-09-04T00:00:00
db: JVNDB, id: JVNDB-2018-006853, date: 2018-09-03T00:00:00
db: CNNVD, id: CNNVD-201806-1120, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2018-0313, date: 2024-11-21T03:37:57.480

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2018-12391, date: 2018-06-30T00:00:00
db: VULHUB, id: VHN-118515, date: 2018-06-21T00:00:00
db: JVNDB, id: JVNDB-2018-006853, date: 2018-09-03T00:00:00
db: CNNVD, id: CNNVD-201806-1120, date: 2018-06-22T00:00:00
db: NVD, id: CVE-2018-0313, date: 2018-06-21T11:29:00.727