ID

VAR-201806-1031


CVE

CVE-2018-0302


TITLE

Cisco FXOS and UCS Fabric Interconnect Software buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-006806

DESCRIPTION

A vulnerability in the CLI parser of Cisco FXOS Software and Cisco UCS Fabric Interconnect Software could allow an authenticated, local attacker to cause a buffer overflow on an affected device. The vulnerability is due to incorrect input validation in the CLI parser subsystem. An attacker could exploit this vulnerability by exceeding the expected length of user input. A successful exploit could allow the attacker to execute arbitrary code with root privileges on the affected system. This vulnerability affects Firepower 4100 Series Next-Generation Firewall, Firepower 9300 Security Appliance, UCS 6100 Series Fabric Interconnects, UCS 6200 Series Fabric Interconnects, and UCS 6300 Series Fabric Interconnects. Cisco Bug IDs: CSCvb61099, CSCvb86743. The vendor has confirmed this vulnerability and released it as Bug IDs CSCvb61099 and CSCvb86743. Information may be obtained or altered, and service operation may be disrupted (DoS). The affected products are all products of Cisco. The CLI parser is one of the command-line command parsers.

Trust: 1.71

sources: NVD: CVE-2018-0302 // JVNDB: JVNDB-2018-006806 // VULHUB: VHN-118504

AFFECTED PRODUCTS

vendor: cisco, model: nx-os, scope: eq, version: 3.1(1k)a

Trust: 1.6

vendor: cisco, model: firepower extensible operating system, scope: lt, version: 1.1.4.169

Trust: 1.0

vendor: cisco, model: firepower extensible operating system, scope: gte, version: 1.1

Trust: 1.0

vendor: cisco, model: firepower extensible operating system, scope: lt, version: 2.0.1.135

Trust: 1.0

vendor: cisco, model: firepower extensible operating system, scope: gte, version: 2.0

Trust: 1.0

vendor: cisco, model: nx-os, scope: -, version: -

Trust: 0.8

vendor: cisco, model: fx-os, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2018-006806 // CNNVD: CNNVD-201806-1127 // NVD: CVE-2018-0302

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0302
value: HIGH

Trust: 1.0

NVD: CVE-2018-0302
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201806-1127
value: HIGH

Trust: 0.6

VULHUB: VHN-118504
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-0302
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-118504
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0302
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2018-0302
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-118504 // JVNDB: JVNDB-2018-006806 // CNNVD: CNNVD-201806-1127 // NVD: CVE-2018-0302

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-118504 // JVNDB: JVNDB-2018-006806 // NVD: CVE-2018-0302

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201806-1127

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201806-1127

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-006806

PATCH

title: cisco-sa-20180620-fxos-ace, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-fxos-ace

Trust: 0.8

sources: JVNDB: JVNDB-2018-006806

EXTERNAL IDS

db: NVD, id: CVE-2018-0302

Trust: 2.5

db: JVNDB, id: JVNDB-2018-006806

Trust: 0.8

db: CNNVD, id: CNNVD-201806-1127

Trust: 0.7

db: VULHUB, id: VHN-118504

Trust: 0.1

sources: VULHUB: VHN-118504 // JVNDB: JVNDB-2018-006806 // CNNVD: CNNVD-201806-1127 // NVD: CVE-2018-0302

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180620-fxos-ace

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0302

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-0302

Trust: 0.8

sources: VULHUB: VHN-118504 // JVNDB: JVNDB-2018-006806 // CNNVD: CNNVD-201806-1127 // NVD: CVE-2018-0302

SOURCES

db: VULHUB, id: VHN-118504
db: JVNDB, id: JVNDB-2018-006806
db: CNNVD, id: CNNVD-201806-1127
db: NVD, id: CVE-2018-0302

LAST UPDATE DATE

2024-11-23T23:02:08.223000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-118504, date: 2020-09-04T00:00:00
db: JVNDB, id: JVNDB-2018-006806, date: 2018-08-31T00:00:00
db: CNNVD, id: CNNVD-201806-1127, date: 2020-09-07T00:00:00
db: NVD, id: CVE-2018-0302, date: 2024-11-21T03:37:56.007

SOURCES RELEASE DATE

db: VULHUB, id: VHN-118504, date: 2018-06-21T00:00:00
db: JVNDB, id: JVNDB-2018-006806, date: 2018-08-31T00:00:00
db: CNNVD, id: CNNVD-201806-1127, date: 2018-06-22T00:00:00
db: NVD, id: CVE-2018-0302, date: 2018-06-21T11:29:00.367