Sign-up

ID

VAR-201806-1022


CVE

CVE-2018-0292


TITLE

Cisco NX-OS Software Buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-006888

DESCRIPTION

A vulnerability in the Internet Group Management Protocol (IGMP) Snooping feature of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code and gain full control of an affected system. The attacker could also cause an affected system to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to a buffer overflow condition in the IGMP Snooping subsystem. An attacker could exploit this vulnerability by sending crafted IGMP packets to an affected system. An exploit could allow the attacker to execute arbitrary code and gain full control of the affected system or cause the affected system to reload, resulting in a DoS condition. This vulnerability affects Nexus 2000 Series Switches, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 3600 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode, Nexus 9000 Series Switches in standalone NX-OS mode. Cisco Bug IDs: CSCuv79620, CSCvg71263. Vendors have confirmed this vulnerability Bug ID CSCuv79620 , CSCvg71263 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. are all different series of switch devices from Cisco. NX-OSSoftware is the data center-level operating system software used by a set of switches running on it

Trust: 2.25

sources: NVD: CVE-2018-0292 // JVNDB: JVNDB-2018-006888 // CNVD: CNVD-2018-12390 // VULHUB: VHN-118494

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-12390

AFFECTED PRODUCTS

vendor:ciscomodel:nx-osscope:gteversion:7.0\(3\)i5

Trust: 1.0

vendor:ciscomodel:nx-osscope:ltversion:7.3\(3\)n1\(1\)

Trust: 1.0

vendor:ciscomodel:nx-osscope:gteversion:6.2

Trust: 1.0

vendor:ciscomodel:nx-osscope:gteversion:12.1

Trust: 1.0

vendor:ciscomodel:nx-osscope:ltversion:7.0\(3\)i7\(1\)

Trust: 1.0

vendor:ciscomodel:nx-osscope:gteversion:6.0

Trust: 1.0

vendor:ciscomodel:nx-osscope:ltversion:13.1\(1i\)

Trust: 1.0

vendor:ciscomodel:nx-osscope:ltversion:8.1\(2\)

Trust: 1.0

vendor:ciscomodel:nx-osscope:lteversion:7.0\(3\)i4

Trust: 1.0

vendor:ciscomodel:nx-osscope: - version: -

Trust: 0.8

vendor:ciscomodel:nexus series switchescope:eqversion:3000

Trust: 0.6

vendor:ciscomodel:nexus series switchesscope:eqversion:7000

Trust: 0.6

vendor:ciscomodel:nexus series switchesscope:eqversion:6000

Trust: 0.6

vendor:ciscomodel:nexus series switchesscope:eqversion:7700

Trust: 0.6

vendor:ciscomodel:nexus platform switchesscope:eqversion:5600

Trust: 0.6

vendor:ciscomodel:nexus platform switchesscope:eqversion:5500

Trust: 0.6

vendor:ciscomodel:nexus platform switchesscope:eqversion:3500

Trust: 0.6

vendor:ciscomodel:nexus platform switchesscope:eqversion:3600

Trust: 0.6

vendor:ciscomodel:nexus series switchesscope:eqversion:9000

Trust: 0.6

vendor:ciscomodel:nexus series switchesscope:eqversion:2000

Trust: 0.6

vendor:ciscomodel:nexus series fabric switchesscope:eqversion:9000

Trust: 0.6

vendor:ciscomodel:nx-osscope:eqversion:7.0\(3\)n1\(1\)

Trust: 0.6

vendor:ciscomodel:nx-osscope:eqversion:7.0\(4\)n1\(1\)

Trust: 0.6

vendor:ciscomodel:nx-osscope:eqversion:7.3\(0\)zn\(0.81\)

Trust: 0.6

vendor:ciscomodel:nx-osscope:eqversion:7.3\(0\)zn\(0.83\)

Trust: 0.6

vendor:ciscomodel:nx-osscope:eqversion:7.0\(3\)i1\(1b\)

Trust: 0.6

vendor:ciscomodel:nx-osscope:eqversion:7.0\(5\)n1\(1\)

Trust: 0.6

vendor:ciscomodel:nx-osscope:eqversion:7.0\(3\)i2\(0.373\)

Trust: 0.6

vendor:ciscomodel:nx-osscope:eqversion:7.0\(3\)i1\(2\)

Trust: 0.6

vendor:ciscomodel:nx-osscope:eqversion:8.0\(1\)s2

Trust: 0.6

vendor:ciscomodel:nx-osscope:eqversion:7.3\(2\)n1\(0.296\)

Trust: 0.6

sources: CNVD: CNVD-2018-12390 // JVNDB: JVNDB-2018-006888 // CNNVD: CNNVD-201806-1055 // NVD: CVE-2018-0292

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0292
value: HIGH

Trust: 1.0

NVD: CVE-2018-0292
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-12390
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201806-1055
value: HIGH

Trust: 0.6

VULHUB: VHN-118494
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-0292
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-12390
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-118494
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0292
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-12390 // VULHUB: VHN-118494 // JVNDB: JVNDB-2018-006888 // CNNVD: CNNVD-201806-1055 // NVD: CVE-2018-0292

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-118494 // JVNDB: JVNDB-2018-006888 // NVD: CVE-2018-0292

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201806-1055

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201806-1055

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-006888

PATCH
title:cisco-sa-20180620-nxosigmpurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nxosigmp
Trust: 0.8
title:Patch for multiple Cisco products NX-OSSoftware Buffer Overflow Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/133289
Trust: 0.6
title:Multiple Cisco product NX-OS Software Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=81119
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-12390 // 
            
            
            
            JVNDB: JVNDB-2018-006888 // 
            
            
            
            CNNVD: CNNVD-201806-1055

EXTERNAL IDS
db:NVDid:CVE-2018-0292
Trust: 3.1
db:SECTRACKid:1041169
Trust: 1.7
db:JVNDBid:JVNDB-2018-006888
Trust: 0.8
db:CNNVDid:CNNVD-201806-1055
Trust: 0.7
db:CNVDid:CNVD-2018-12390
Trust: 0.6
db:VULHUBid:VHN-118494
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-12390 // 
            
            
            
            VULHUB: VHN-118494 // 
            
            
            
            JVNDB: JVNDB-2018-006888 // 
            
            
            
            CNNVD: CNNVD-201806-1055 // 
            
            
            
            NVD: CVE-2018-0292

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180620-nxosigmp
Trust: 2.3
url:http://www.securitytracker.com/id/1041169
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0292
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0292
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2018-12390 // 
            
            
            
            VULHUB: VHN-118494 // 
            
            
            
            JVNDB: JVNDB-2018-006888 // 
            
            
            
            CNNVD: CNNVD-201806-1055 // 
            
            
            
            NVD: CVE-2018-0292

SOURCES
db:CNVDid:CNVD-2018-12390
db:VULHUBid:VHN-118494
db:JVNDBid:JVNDB-2018-006888
db:CNNVDid:CNNVD-201806-1055
db:NVDid:CVE-2018-0292

LAST UPDATE DATE
2024-11-23T21:38:49.201000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-12390date:2018-06-30T00:00:00
db:VULHUBid:VHN-118494date:2019-10-09T00:00:00
db:JVNDBid:JVNDB-2018-006888date:2018-09-04T00:00:00
db:CNNVDid:CNNVD-201806-1055date:2019-10-17T00:00:00
db:NVDid:CVE-2018-0292date:2024-11-21T03:37:54.670

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-12390date:2018-06-30T00:00:00
db:VULHUBid:VHN-118494date:2018-06-20T00:00:00
db:JVNDBid:JVNDB-2018-006888date:2018-09-04T00:00:00
db:CNNVDid:CNNVD-201806-1055date:2018-06-21T00:00:00
db:NVDid:CVE-2018-0292date:2018-06-20T21:29:00.297