Details of VAR-201806-1017

ID

VAR-201806-1017

CVE

CVE-2018-0337

TITLE

Cisco NX-OS Software input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-006856

DESCRIPTION

A vulnerability in the role-based access-checking mechanisms of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on an affected device. The vulnerability exists because the affected software lacks proper input and validation checks for certain file systems. An attacker could exploit this vulnerability by issuing crafted commands in the CLI of an affected device. A successful exploit could allow the attacker to cause other users to execute unwanted, arbitrary commands on the affected device. Cisco Bug IDs: CSCvd06339, CSCvd15698, CSCvd36108, CSCvf52921, CSCvf52930, CSCvf52953, CSCvf52976. Vendors have confirmed this vulnerability Bug ID CSCvd06339 , CSCvd15698 , CSCvd36108 , CSCvf52921 , CSCvf52930 , CSCvf52953 ,and CSCvf52976 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state

Trust: 1.71

sources: NVD: CVE-2018-0337 // JVNDB: JVNDB-2018-006856 // VULHUB: VHN-118539

AFFECTED PRODUCTS

vendor:	cisco	model:	nx-os	scope:	eq	version:	7.3\(1\)n1\(0.6\)	Trust: 1.6
vendor:	cisco	model:	nx-os	scope:	eq	version:	7.3\(1\)dx\(0.119\)	Trust: 1.6
vendor:	cisco	model:	nx-os	scope:	eq	version:	8.1\(0\)bd\(0.20\)	Trust: 1.6
vendor:	cisco	model:	nx-os	scope:	eq	version:	7.3\(3\)d1\(0.2\)	Trust: 1.6
vendor:	cisco	model:	nx-os	scope:	eq	version:	8.3\(0\)spg\(0.30\)	Trust: 1.6
vendor:	cisco	model:	nx-os	scope:	eq	version:	8.0\(0.54\)s0	Trust: 1.6
vendor:	cisco	model:	nx-os	scope:	eq	version:	7.1\(4\)n1\(1\)	Trust: 1.6
vendor:	cisco	model:	nx-os	scope:	eq	version:	8.2\(0.4\)s0	Trust: 1.6
vendor:	cisco	model:	nx-os	scope:	eq	version:	8.8\(3.5\)s0	Trust: 1.6
vendor:	cisco	model:	nx-os	scope:	eq	version:	8.1\(0.9\)	Trust: 1.6
vendor:	cisco	model:	nx-os	scope:	eq	version:	7.0\(8\)n1\(1\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	eq	version:	7.3\(2\)n1\(0.350\)	Trust: 1.0
vendor:	cisco	model:	nx-os	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2018-006856 // CNNVD: CNNVD-201806-1118 // NVD: CVE-2018-0337

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-0337
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-0337
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201806-1118
value:	HIGH
Trust: 0.6
VULHUB:	VHN-118539
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2018-0337
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-118539
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-0337
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2018-0337
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-118539 // JVNDB: JVNDB-2018-006856 // CNNVD: CNNVD-201806-1118 // NVD: CVE-2018-0337

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.9
problemtype:	CWE-863	Trust: 1.1

sources: VULHUB: VHN-118539 // JVNDB: JVNDB-2018-006856 // NVD: CVE-2018-0337

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201806-1118

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201806-1118

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-006856

PATCH

title:	cisco-sa-20180620-nxos-rbaccess	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nxos-rbaccess	Trust: 0.8
title:	Cisco NX-OS Software Enter the fix for the verification vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=81449	Trust: 0.6

sources: JVNDB: JVNDB-2018-006856 // CNNVD: CNNVD-201806-1118

EXTERNAL IDS

db:	NVD	id:	CVE-2018-0337	Trust: 2.5
db:	JVNDB	id:	JVNDB-2018-006856	Trust: 0.8
db:	CNNVD	id:	CNNVD-201806-1118	Trust: 0.7
db:	VULHUB	id:	VHN-118539	Trust: 0.1

sources: VULHUB: VHN-118539 // JVNDB: JVNDB-2018-006856 // CNNVD: CNNVD-201806-1118 // NVD: CVE-2018-0337

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180620-nxos-rbaccess	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0337	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-0337	Trust: 0.8

sources: VULHUB: VHN-118539 // JVNDB: JVNDB-2018-006856 // CNNVD: CNNVD-201806-1118 // NVD: CVE-2018-0337

SOURCES

db:	VULHUB	id:	VHN-118539
db:	JVNDB	id:	JVNDB-2018-006856
db:	CNNVD	id:	CNNVD-201806-1118
db:	NVD	id:	CVE-2018-0337

LAST UPDATE DATE

2024-11-23T22:41:49.280000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-118539	date:	2020-08-31T00:00:00
db:	JVNDB	id:	JVNDB-2018-006856	date:	2018-09-03T00:00:00
db:	CNNVD	id:	CNNVD-201806-1118	date:	2020-09-02T00:00:00
db:	NVD	id:	CVE-2018-0337	date:	2024-11-21T03:38:00.557

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-118539	date:	2018-06-21T00:00:00
db:	JVNDB	id:	JVNDB-2018-006856	date:	2018-09-03T00:00:00
db:	CNNVD	id:	CNNVD-201806-1118	date:	2018-06-22T00:00:00
db:	NVD	id:	CVE-2018-0337	date:	2018-06-21T11:29:00.837