Sign-up

ID

VAR-201806-1021


CVE

CVE-2018-0291


TITLE

Cisco NX-OS Software Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-006887

DESCRIPTION

A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco NX-OS Software could allow an authenticated, remote attacker to cause the SNMP application on an affected device to restart unexpectedly. The vulnerability is due to improper validation of SNMP protocol data units (PDUs) in SNMP packets. An attacker could exploit this vulnerability by sending a crafted SNMP packet to an affected device. A successful exploit could allow the attacker to cause the SNMP application to restart multiple times, leading to a system-level restart and a denial of service (DoS) condition. This vulnerability affects Nexus 2000 Series Switches, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 3600 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, UCS 6100 Series Fabric Interconnects, UCS 6200 Series Fabric Interconnects, UCS 6300 Series Fabric Interconnects. Cisco Bug IDs: CSCuw99630, CSCvg71290, CSCvj67977. Cisco NX-OS Software Contains an input validation vulnerability. Vendors have confirmed this vulnerability Bug ID CSCuw99630 , CSCvg71290 , CSCvj67977 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. are products of Cisco. are all switch devices. FabricModules is a switch matrix module. NX-OSSoftware is the data center-level operating system software used by a set of switches running on it

Trust: 2.25

sources: NVD: CVE-2018-0291 // JVNDB: JVNDB-2018-006887 // CNVD: CNVD-2018-12393 // VULHUB: VHN-118493

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-12393

AFFECTED PRODUCTS

vendor:ciscomodel:nx-osscope:ltversion:7.0\(3\)i3

Trust: 1.0

vendor:ciscomodel:nx-osscope:eqversion:7.0

Trust: 1.0

vendor:ciscomodel:nx-osscope:gteversion:7.0\(3\)i4

Trust: 1.0

vendor:ciscomodel:nx-osscope:ltversion:7.3\(3\)n1\(1\)

Trust: 1.0

vendor:ciscomodel:nx-osscope:ltversion:2.2

Trust: 1.0

vendor:ciscomodel:nx-osscope:gteversion:6.2

Trust: 1.0

vendor:ciscomodel:nx-osscope:ltversion:3.2\(2b\)

Trust: 1.0

vendor:ciscomodel:nx-osscope:ltversion:7.0\(3\)i7\(1\)

Trust: 1.0

vendor:ciscomodel:nx-osscope:gteversion:6.0

Trust: 1.0

vendor:ciscomodel:nx-osscope:gteversion:2.5

Trust: 1.0

vendor:ciscomodel:nx-osscope:ltversion:8.1\(2\)

Trust: 1.0

vendor:ciscomodel:nx-osscope: - version: -

Trust: 0.8

vendor:ciscomodel:nexus series switchescope:eqversion:3000

Trust: 0.6

vendor:ciscomodel:nexus series switchesscope:eqversion:7000

Trust: 0.6

vendor:ciscomodel:nexus series switchesscope:eqversion:6000

Trust: 0.6

vendor:ciscomodel:nexus series switchesscope:eqversion:7700

Trust: 0.6

vendor:ciscomodel:nexus platform switchesscope:eqversion:5600

Trust: 0.6

vendor:ciscomodel:nexus platform switchesscope:eqversion:5500

Trust: 0.6

vendor:ciscomodel:nexus platform switchesscope:eqversion:3500

Trust: 0.6

vendor:ciscomodel:nexus r-series line cards and fabric modulesscope:eqversion:9500

Trust: 0.6

vendor:ciscomodel:nexus platform switchesscope:eqversion:3600

Trust: 0.6

vendor:ciscomodel:nexus series switchesscope:eqversion:9000

Trust: 0.6

vendor:ciscomodel:ucs series fabric interconnectsscope:eqversion:6100

Trust: 0.6

vendor:ciscomodel:ucs series fabric interconnectsscope:eqversion:6200

Trust: 0.6

vendor:ciscomodel:ucs series fabric interconnectsscope:eqversion:6300

Trust: 0.6

vendor:ciscomodel:nexus series switchesscope:eqversion:2000

Trust: 0.6

vendor:ciscomodel:nx-osscope:eqversion:6.1\(5\)

Trust: 0.6

vendor:ciscomodel:nx-osscope:eqversion:4.1\(2\)e1\(1e\)

Trust: 0.6

vendor:ciscomodel:nx-osscope:eqversion:4.1\(2\)e1\(1d\)

Trust: 0.6

vendor:ciscomodel:nx-osscope:eqversion:6.1\(4\)

Trust: 0.6

vendor:ciscomodel:nx-osscope:eqversion:4.1\(2\)e1\(1c\)

Trust: 0.6

vendor:ciscomodel:nx-osscope:eqversion:6.2\(1\)

Trust: 0.6

vendor:ciscomodel:nx-osscope:eqversion:4.1\(2\)e1\(1b\)

Trust: 0.6

vendor:ciscomodel:nx-osscope:eqversion:4.1\(2\)e1\(1\)

Trust: 0.6

vendor:ciscomodel:nx-osscope:eqversion:6.1\(3\)

Trust: 0.6

vendor:ciscomodel:nx-osscope:eqversion:6.1\(4a\)

Trust: 0.6

sources: CNVD: CNVD-2018-12393 // JVNDB: JVNDB-2018-006887 // CNNVD: CNNVD-201806-1056 // NVD: CVE-2018-0291

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0291
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-0291
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2018-12393
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201806-1056
value: MEDIUM

Trust: 0.6

VULHUB: VHN-118493
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-0291
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-12393
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-118493
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0291
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-12393 // VULHUB: VHN-118493 // JVNDB: JVNDB-2018-006887 // CNNVD: CNNVD-201806-1056 // NVD: CVE-2018-0291

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-118493 // JVNDB: JVNDB-2018-006887 // NVD: CVE-2018-0291

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201806-1056

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201806-1056

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-006887

PATCH
title:cisco-sa-20180620-nxossnmpurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nxossnmp
Trust: 0.8
title:Patches for several Cisco products NX-OSSoftwareSNMP Denial of Service Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/133291
Trust: 0.6
title:Multiple Cisco product NX-OS Software Simple Network Management Protocol input packet processor Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=81120
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-12393 // 
            
            
            
            JVNDB: JVNDB-2018-006887 // 
            
            
            
            CNNVD: CNNVD-201806-1056

EXTERNAL IDS
db:NVDid:CVE-2018-0291
Trust: 3.1
db:SECTRACKid:1041169
Trust: 1.7
db:JVNDBid:JVNDB-2018-006887
Trust: 0.8
db:CNNVDid:CNNVD-201806-1056
Trust: 0.7
db:CNVDid:CNVD-2018-12393
Trust: 0.6
db:VULHUBid:VHN-118493
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-12393 // 
            
            
            
            VULHUB: VHN-118493 // 
            
            
            
            JVNDB: JVNDB-2018-006887 // 
            
            
            
            CNNVD: CNNVD-201806-1056 // 
            
            
            
            NVD: CVE-2018-0291

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180620-nxossnmp
Trust: 2.3
url:http://www.securitytracker.com/id/1041169
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0291
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0291
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2018-12393 // 
            
            
            
            VULHUB: VHN-118493 // 
            
            
            
            JVNDB: JVNDB-2018-006887 // 
            
            
            
            CNNVD: CNNVD-201806-1056 // 
            
            
            
            NVD: CVE-2018-0291

SOURCES
db:CNVDid:CNVD-2018-12393
db:VULHUBid:VHN-118493
db:JVNDBid:JVNDB-2018-006887
db:CNNVDid:CNNVD-201806-1056
db:NVDid:CVE-2018-0291

LAST UPDATE DATE
2024-11-23T21:38:48.868000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-12393date:2018-06-30T00:00:00
db:VULHUBid:VHN-118493date:2019-10-09T00:00:00
db:JVNDBid:JVNDB-2018-006887date:2018-09-04T00:00:00
db:CNNVDid:CNNVD-201806-1056date:2019-10-17T00:00:00
db:NVDid:CVE-2018-0291date:2024-11-21T03:37:54.503

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-12393date:2018-06-30T00:00:00
db:VULHUBid:VHN-118493date:2018-06-20T00:00:00
db:JVNDBid:JVNDB-2018-006887date:2018-09-04T00:00:00
db:CNNVDid:CNNVD-201806-1056date:2018-06-21T00:00:00
db:NVDid:CVE-2018-0291date:2018-06-20T21:29:00.217