ID

VAR-201806-1032


CVE

CVE-2018-0303


TITLE

Cisco FXOS and NX-OS Software input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-006807

DESCRIPTION

A vulnerability in the Cisco Discovery Protocol component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code as root or cause a denial of service (DoS) condition on the affected device. The vulnerability exists because of insufficiently validated Cisco Discovery Protocol packet headers. An attacker could exploit this vulnerability by sending a crafted Cisco Discovery Protocol packet to a Layer 2 adjacent affected device. A successful exploit could allow the attacker to cause a buffer overflow that could allow the attacker to execute arbitrary code as root or cause a DoS condition on the affected device. This vulnerability affects the following if configured to use Cisco Discovery Protocol: Firepower 4100 Series Next-Generation Firewalls, Firepower 9300 Security Appliance, MDS 9000 Series Multilayer Switches, Nexus 1000V Series Switches, Nexus 1100 Series Cloud Services Platforms, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, UCS 6100 Series Fabric Interconnects, UCS 6200 Series Fabric Interconnects, UCS 6300 Series Fabric Interconnects. Cisco Bug IDs: CSCvc22202, CSCvc22205, CSCvc22208, CSCvc88078, CSCvc88150, CSCvc88159, CSCvc88162, CSCvc88167.
Cisco FXOS and NX-OS Software contain an input validation vulnerability. The vendor has published this vulnerability as Bug IDs CSCvc22202, CSCvc22205, CSCvc22208, CSCvc88078, CSCvc88150, CSCvc88159, CSCvc88162, and CSCvc88167. Information may be obtained or altered, and the device may be put into a denial-of-service (DoS) state. Cisco Firepower 4100 Series Next-Generation Firewalls and the other listed devices are all Cisco products. The Cisco Firepower 4100 Series Next-Generation Firewall is a 4100 series firewall device. FXOS Software is a suite of firewall software running on Cisco security appliances. NX-OS Software is a suite of data center-level operating system software running on Cisco switch devices.

Trust: 2.25

sources: NVD: CVE-2018-0303 // JVNDB: JVNDB-2018-006807 // CNVD: CNVD-2018-14572 // VULHUB: VHN-118505

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-14572

AFFECTED PRODUCTS

vendor: cisco, model: nx-os, scope: eq, version: 8.1(0.2)s0

Trust: 1.6

vendor: cisco, model: nx-os, scope: eq, version: 3.1(3a)a

Trust: 1.6

vendor: cisco, model: nx-os, scope: eq, version: 8.0(1)

Trust: 1.6

vendor: cisco, model: nx-os, scope: eq, version: 8.8(3.5)s0

Trust: 1.6

vendor: cisco, model: nx-os, scope: eq, version: 7.0(0)hsk(0.357)

Trust: 1.6

vendor: cisco, model: nx-os, scope: eq, version: 8.8(0.1)

Trust: 1.6

vendor: cisco, model: nx-os, scope: eq, version: 7.0(3)i4(7)

Trust: 1.6

vendor: cisco, model: nx-os, scope: eq, version: 7.0(3)i7(1)

Trust: 1.6

vendor: cisco, model: firepower extensible operating system, scope: lt, version: 2.0.1.153

Trust: 1.0

vendor: cisco, model: firepower extensible operating system, scope: lt, version: 2.1.1.86

Trust: 1.0

vendor: cisco, model: firepower extensible operating system, scope: lt, version: 2.2.1.70

Trust: 1.0

vendor: cisco, model: firepower extensible operating system, scope: lt, version: 1.1.4.179

Trust: 1.0

vendor: cisco, model: firepower extensible operating system, scope: gte, version: 2.2.1

Trust: 1.0

vendor: cisco, model: firepower extensible operating system, scope: gte, version: 2.2.2

Trust: 1.0

vendor: cisco, model: firepower extensible operating system, scope: gte, version: 2.0

Trust: 1.0

vendor: cisco, model: firepower extensible operating system, scope: gte, version: 2.1.1

Trust: 1.0

vendor: cisco, model: firepower extensible operating system, scope: lt, version: 2.2.2.17

Trust: 1.0

vendor: cisco, model: firepower extensible operating system, scope: gte, version: 1.1

Trust: 1.0

vendor: cisco, model: nx-os, scope: -, version: -

Trust: 0.8

vendor: cisco, model: fx-os, scope: -, version: -

Trust: 0.8

vendor: cisco, model: nexus series switches, scope: eq, version: 1000v

Trust: 0.6

vendor: cisco, model: nexus series switches, scope: eq, version: 3000

Trust: 0.6

vendor: cisco, model: nexus series switches, scope: eq, version: 7000

Trust: 0.6

vendor: cisco, model: nexus series switches, scope: eq, version: 6000

Trust: 0.6

vendor: cisco, model: nexus series switches, scope: eq, version: 7700

Trust: 0.6

vendor: cisco, model: nexus platform switches, scope: eq, version: 5600

Trust: 0.6

vendor: cisco, model: nexus platform switches, scope: eq, version: 5500

Trust: 0.6

vendor: cisco, model: nexus platform switches, scope: eq, version: 3500

Trust: 0.6

vendor: cisco, model: nexus series switches, scope: eq, version: 70000

Trust: 0.6

vendor: cisco, model: nexus r-series line cards and fabric modules, scope: eq, version: 9500

Trust: 0.6

vendor: cisco, model: mds series multilayer switches, scope: eq, version: 9000

Trust: 0.6

vendor: cisco, model: nexus series switches, scope: eq, version: 9000

Trust: 0.6

vendor: cisco, model: ucs series fabric interconnects, scope: eq, version: 6100

Trust: 0.6

vendor: cisco, model: ucs series fabric interconnects, scope: eq, version: 6200

Trust: 0.6

vendor: cisco, model: ucs series fabric interconnects, scope: eq, version: 6300

Trust: 0.6

vendor: cisco, model: nexus series fabric extenders, scope: eq, version: 2000

Trust: 0.6

vendor: cisco, model: firepower series next-generation firewalls, scope: eq, version: 41000

Trust: 0.6

vendor: cisco, model: nexus series fabric switches, scope: eq, version: 9000

Trust: 0.6

vendor: cisco, model: firepower security appliance, scope: eq, version: 9300

Trust: 0.6

vendor: cisco, model: nexus series cloud services platforms, scope: eq, version: 1100

Trust: 0.6

sources: CNVD: CNVD-2018-14572 // JVNDB: JVNDB-2018-006807 // CNNVD: CNNVD-201806-1126 // NVD: CVE-2018-0303

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0303
value: HIGH

Trust: 1.0

NVD: CVE-2018-0303
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-14572
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201806-1126
value: HIGH

Trust: 0.6

VULHUB: VHN-118505
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-0303
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-14572
severity: MEDIUM
baseScore: 6.8
vectorString: AV:A/AC:H/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.2
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-118505
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0303
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-14572 // VULHUB: VHN-118505 // JVNDB: JVNDB-2018-006807 // CNNVD: CNNVD-201806-1126 // NVD: CVE-2018-0303

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

problemtype:CWE-119

Trust: 1.1

sources: VULHUB: VHN-118505 // JVNDB: JVNDB-2018-006807 // NVD: CVE-2018-0303

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201806-1126

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201806-1126

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-006807

PATCH

title: cisco-sa-20180620-fxnxos-dos, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-fxnxos-dos

Trust: 0.8

title: Patch for the input validation vulnerability in the Discovery Protocol component of FXOS Software and NX-OS Software in various Cisco products, url: https://www.cnvd.org.cn/patchInfo/show/136279

Trust: 0.6

title: Fixes for the input validation vulnerability in the Discovery Protocol component of FXOS Software and NX-OS Software in multiple Cisco products, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=81457

Trust: 0.6

sources: CNVD: CNVD-2018-14572 // JVNDB: JVNDB-2018-006807 // CNNVD: CNNVD-201806-1126

EXTERNAL IDS

db: NVD, id: CVE-2018-0303

Trust: 3.1

db: SECTRACK, id: 1041169

Trust: 1.7

db: JVNDB, id: JVNDB-2018-006807

Trust: 0.8

db: CNNVD, id: CNNVD-201806-1126

Trust: 0.7

db: CNVD, id: CNVD-2018-14572

Trust: 0.6

db: VULHUB, id: VHN-118505

Trust: 0.1

sources: CNVD: CNVD-2018-14572 // VULHUB: VHN-118505 // JVNDB: JVNDB-2018-006807 // CNNVD: CNNVD-201806-1126 // NVD: CVE-2018-0303

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180620-fxnxos-dos

Trust: 2.3

url:http://www.securitytracker.com/id/1041169

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0303

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-0303

Trust: 0.8

sources: CNVD: CNVD-2018-14572 // VULHUB: VHN-118505 // JVNDB: JVNDB-2018-006807 // CNNVD: CNNVD-201806-1126 // NVD: CVE-2018-0303

SOURCES

db: CNVD, id: CNVD-2018-14572
db: VULHUB, id: VHN-118505
db: JVNDB, id: JVNDB-2018-006807
db: CNNVD, id: CNNVD-201806-1126
db: NVD, id: CVE-2018-0303

LAST UPDATE DATE

2024-11-23T21:38:48.998000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2018-14572, date: 2018-08-03T00:00:00
db: VULHUB, id: VHN-118505, date: 2019-10-09T00:00:00
db: JVNDB, id: JVNDB-2018-006807, date: 2018-08-31T00:00:00
db: CNNVD, id: CNNVD-201806-1126, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2018-0303, date: 2024-11-21T03:37:56.127

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2018-14572, date: 2018-08-03T00:00:00
db: VULHUB, id: VHN-118505, date: 2018-06-21T00:00:00
db: JVNDB, id: JVNDB-2018-006807, date: 2018-08-31T00:00:00
db: CNNVD, id: CNNVD-201806-1126, date: 2018-06-22T00:00:00
db: NVD, id: CVE-2018-0303, date: 2018-06-21T11:29:00.413