Executive Summary
Summary | |
---|---|
Title | Cisco FXOS and NX-OS Software Cisco Fabric Services Arbitrary Code Execution Vulnerability |
Informations | |||
---|---|---|---|
Name | cisco-sa-20180620-fxnxos-ace | First vendor Publication | 2018-06-20 |
Vendor | Cisco | Last vendor Modification | 2018-06-20 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to read sensitive memory content, create a denial of service (DoS) condition, or execute arbitrary code as root. The vulnerability exists because the affected software insufficiently validates Cisco Fabric Services packet headers. An attacker could exploit this vulnerability by sending a crafted Cisco Fabric Services packet to an affected device. A successful exploit could allow the attacker to cause a buffer overflow or buffer overread condition in the Cisco Fabric Services component, which could allow the attacker to read sensitive memory content, create a DoS condition, or execute arbitrary code as root. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-fxnxos-ace ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-fxnxos-ace"] This advisory is part of the June 2018 Cisco FXOS and NX-OS Software Security Advisory Collection, which includes 24 Cisco Security Advisories that describe 24 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: June 2018 Cisco FXOS and NX-OS Software Security Advisory Collection ["https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-67770"]. BEGIN PGP SIGNATURE iQJ5BAEBAgBjBQJbKnqeXBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50 IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly dEBjaXNjby5jb20+AAoJEJa12PPJBfczbIkP/Rl0QaU6ykTu9gpnU6uvgl9zZ96a k5iy8BET/9VpSG/u1HZz5EH5Y2+rmZrALXqYrd0vtM+iWlfYTHjiRnQ0yi8DsH9f 4mCGUaxOWG+QzV0Gkw6yapFR+hYwGq7ZQB2sMX3RUBnCQONRwV4CkrSncp3kBLKk +aoaUwzAHp43y5d4JYPBdyLv4DssUXEqmXxPYJIpseWBV7qXspJ405jNZa9vWWg4 Y7WM+lPfucdCRqIF7sRJeJMV+ZnaOk6Kn8Tjj1T5vlA7nbyngBEEmG/ML0C42VCJ pgtKA9OBQPG6yQlvjQZivv83vhWvgRAt8xRLlcf8rTmbpAcB4608WdtvdzaUavmH L9r+x0P42Ekk/oSWujgmd6PmPYHxoexdWGjZWsi64dR7oswEQkGI1L7ZXjU9nsGc sD8WPxz1FyX92ffwx7RtL3Rr6RfeuSl7WJ0Bw1umEfdZRsFcmTZc0AHJkSNW3qPU toeGBP9Ti5HVR701o7fakJEL6b9w4t2JcDmEUaUEmYP1Wly4B2ihYGTbz3S3WD9n VnmmHa9zzP+9euszr+Iw4C7QcUaAu2bDKb2ccIWTdGVhqje5boaY1gvaQlPAWjy5 XesbV6iEhd1NYYxQeFY+jG3UvRt4PCpNsaUASrkQASMGZCH+4X+R0f65iJ3ZXMYT PGKY7yr+jjozaRHh =oCw9 END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com |
Original Source
Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...) |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-125 | Out-of-bounds Read |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Os | 2 | |
Os | 3 | |
Os | 3 | |
Os | 2 | |
Os | 2 |
Snort® IPS/IDS
Date | Description |
---|---|
2020-12-05 | Cisco NX-OS Fabric Services Protocol TLV integer overflow attempt RuleID : 47014 - Revision : 1 - Type : SERVER-OTHER |
2020-12-05 | Cisco NX-OS Fabric Services Protocol TLV integer overflow attempt RuleID : 47013 - Revision : 1 - Type : SERVER-OTHER |
2020-12-05 | Cisco NX-OS Fabric Services Protocol TLV out of bounds read attempt RuleID : 47012 - Revision : 1 - Type : SERVER-OTHER |
2020-12-05 | Cisco NX-OS Fabric Services Protocol TLV out of bounds read attempt RuleID : 47011 - Revision : 1 - Type : SERVER-OTHER |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2018-06-25 | Name : The remote device is missing a vendor-supplied security patch. File : cisco-sa-20180620-cfs.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2020-12-05 21:23:46 |
|
2018-08-13 21:21:51 |
|
2018-06-21 00:21:09 |
|
2018-06-20 21:19:26 |
|