Sign-up

ID

VAR-201806-1024


CVE

CVE-2018-0294


TITLE

Cisco FXOS and Cisco NX-OS Software Access control vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-006890

DESCRIPTION

A vulnerability in the write-erase feature of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to configure an unauthorized administrator account for an affected device. The vulnerability exists because the affected software does not properly delete sensitive files when certain CLI commands are used to clear the device configuration and reload a device. An attacker could exploit this vulnerability by logging into an affected device as an administrative user and configuring an unauthorized account for the device. The account would not require a password for authentication and would be accessible only via a Secure Shell (SSH) connection to the device. A successful exploit could allow the attacker to configure an unauthorized account that has administrative privileges, does not require a password for authentication, and does not appear in the running configuration or the audit logs for the affected device. This vulnerability affects Firepower 4100 Series Next-Generation Firewalls, Firepower 9300 Security Appliance, Nexus 1000V Series Switches, Nexus 1100 Series Cloud Services Platforms, Nexus 2000 Series Fabric Extenders, Nexus 3500 Platform Switches, Nexus 4000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, UCS 6100 Series Fabric Interconnects, UCS 6200 Series Fabric Interconnects, UCS 6300 Series Fabric Interconnects. Cisco Bug IDs: CSCvd13993, CSCvd34845, CSCvd34857, CSCvd34862, CSCvd34879, CSCve35753. Vendors have confirmed this vulnerability Bug ID CSCvd13993 , CSCvd34845 , CSCvd34857 , CSCvd34862 , CSCvd34879 ,and CSCve35753 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Cisco Firepower 4100 Series Next-Generation Firewalls and so on are all products of Cisco. The Cisco Firepower 4100 Series Next-Generation Firewall is a 4100 series firewall device. NX-OSSoftware is a suite of data center-level operating system software running on Cisco switch devices. Delete sensitive files

Trust: 2.25

sources: NVD: CVE-2018-0294 // JVNDB: JVNDB-2018-006890 // CNVD: CNVD-2018-12387 // VULHUB: VHN-118496

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-12387

AFFECTED PRODUCTS

vendor:ciscomodel:nx-osscope:eqversion:5.2\(1\)sv3\(1.10\)

Trust: 1.6

vendor:ciscomodel:nx-osscope:eqversion:4.1\(2\)e1\(1a\)

Trust: 1.6

vendor:ciscomodel:nx-osscope:eqversion:7.3\(2\)n1\(0.354\)

Trust: 1.6

vendor:ciscomodel:nx-osscope:eqversion:8.8\(3.5\)s0

Trust: 1.6

vendor:ciscomodel:nx-osscope:eqversion:7.0\(3\)i2\(4a\)

Trust: 1.6

vendor:ciscomodel:firepower extensible operating systemscope:gteversion:2.1.1

Trust: 1.0

vendor:ciscomodel:fxosscope:gteversion:1.1

Trust: 1.0

vendor:ciscomodel:firepower extensible operating systemscope:ltversion:2.2.2.17

Trust: 1.0

vendor:ciscomodel:fxosscope:ltversion:2.0.1.159

Trust: 1.0

vendor:ciscomodel:firepower extensible operating systemscope:ltversion:2.1.1.86

Trust: 1.0

vendor:ciscomodel:firepower extensible operating systemscope:gteversion:2.2

Trust: 1.0

vendor:ciscomodel:nx-osscope: - version: -

Trust: 0.8

vendor:ciscomodel:fx-osscope: - version: -

Trust: 0.8

vendor:ciscomodel:nexus series switchesscope:eqversion:1000v

Trust: 0.6

vendor:ciscomodel:nexus series switchesscope:eqversion:4000

Trust: 0.6

vendor:ciscomodel:nexus series switchesscope:eqversion:6000

Trust: 0.6

vendor:ciscomodel:nexus platform switchesscope:eqversion:5600

Trust: 0.6

vendor:ciscomodel:nexus platform switchesscope:eqversion:5500

Trust: 0.6

vendor:ciscomodel:nexus series fabric extendersscope:eqversion:2000

Trust: 0.6

vendor:ciscomodel:nexus platform switchesscope:eqversion:3500

Trust: 0.6

vendor:ciscomodel:firepower security appliancescope:eqversion:9300

Trust: 0.6

vendor:ciscomodel:ucs series fabric interconnectsscope:eqversion:6100

Trust: 0.6

vendor:ciscomodel:ucs series fabric interconnectsscope:eqversion:6300

Trust: 0.6

vendor:ciscomodel:ucs series fabric interconnectsscope:eqversion:6200

Trust: 0.6

vendor:ciscomodel:firepower series next-generation firewallsscope:eqversion:41000

Trust: 0.6

sources: CNVD: CNVD-2018-12387 // JVNDB: JVNDB-2018-006890 // CNNVD: CNNVD-201806-1053 // NVD: CVE-2018-0294

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0294
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-0294
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2018-12387
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201806-1053
value: MEDIUM

Trust: 0.6

VULHUB: VHN-118496
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-0294
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-12387
severity: MEDIUM
baseScore: 6.2
vectorString: AV:L/AC:H/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 1.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-118496
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0294
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-12387 // VULHUB: VHN-118496 // JVNDB: JVNDB-2018-006890 // CNNVD: CNNVD-201806-1053 // NVD: CVE-2018-0294

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.0

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-284

Trust: 0.9

sources: VULHUB: VHN-118496 // JVNDB: JVNDB-2018-006890 // NVD: CVE-2018-0294

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201806-1053

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201806-1053

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-006890

PATCH
title:cisco-sa-20180620-nxosadminurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nxosadmin
Trust: 0.8
title:Patches for several Cisco products FXOSSoftware and NX-OSSoftware Permission Access Control Vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/133283
Trust: 0.6
title:Multiple Cisco product FXOS Software  and NX-OS Software Fixes for permission permissions and access control vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=81118
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-12387 // 
            
            
            
            JVNDB: JVNDB-2018-006890 // 
            
            
            
            CNNVD: CNNVD-201806-1053

EXTERNAL IDS
db:NVDid:CVE-2018-0294
Trust: 3.1
db:SECTRACKid:1041169
Trust: 1.7
db:JVNDBid:JVNDB-2018-006890
Trust: 0.8
db:CNNVDid:CNNVD-201806-1053
Trust: 0.7
db:CNVDid:CNVD-2018-12387
Trust: 0.6
db:VULHUBid:VHN-118496
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-12387 // 
            
            
            
            VULHUB: VHN-118496 // 
            
            
            
            JVNDB: JVNDB-2018-006890 // 
            
            
            
            CNNVD: CNNVD-201806-1053 // 
            
            
            
            NVD: CVE-2018-0294

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180620-nxosadmin
Trust: 2.3
url:http://www.securitytracker.com/id/1041169
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0294
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0294
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2018-12387 // 
            
            
            
            VULHUB: VHN-118496 // 
            
            
            
            JVNDB: JVNDB-2018-006890 // 
            
            
            
            CNNVD: CNNVD-201806-1053 // 
            
            
            
            NVD: CVE-2018-0294

SOURCES
db:CNVDid:CNVD-2018-12387
db:VULHUBid:VHN-118496
db:JVNDBid:JVNDB-2018-006890
db:CNNVDid:CNNVD-201806-1053
db:NVDid:CVE-2018-0294

LAST UPDATE DATE
2024-11-23T21:38:49.471000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-12387date:2018-06-30T00:00:00
db:VULHUBid:VHN-118496date:2019-10-09T00:00:00
db:JVNDBid:JVNDB-2018-006890date:2018-09-04T00:00:00
db:CNNVDid:CNNVD-201806-1053date:2019-10-17T00:00:00
db:NVDid:CVE-2018-0294date:2024-11-21T03:37:54.957

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-12387date:2018-06-30T00:00:00
db:VULHUBid:VHN-118496date:2018-06-20T00:00:00
db:JVNDBid:JVNDB-2018-006890date:2018-09-04T00:00:00
db:CNNVDid:CNNVD-201806-1053date:2018-06-21T00:00:00
db:NVDid:CVE-2018-0294date:2018-06-20T21:29:00.390