Executive Summary
Summary | |
---|---|
Title | Cisco FXOS and NX-OS Software Cisco Discovery Protocol Arbitrary Code Execution Vulnerability |
Informations | |||
---|---|---|---|
Name | cisco-sa-20180620-fxnxos-dos | First vendor Publication | 2018-06-20 |
Vendor | Cisco | Last vendor Modification | 2018-06-20 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:A/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 8.3 | Attack Range | Adjacent network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 6.5 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A vulnerability in the Cisco Discovery Protocol component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code as root or cause a denial of service (DoS) condition on the affected device. The vulnerability exists because of insufficiently validated Cisco Discovery Protocol packet headers. An attacker could exploit this vulnerability by sending a crafted Cisco Discovery Protocol packet to a Layer 2 adjacent affected device. A successful exploit could allow the attacker to cause a buffer overflow that could allow the attacker to execute arbitrary code as root or cause a DoS condition on the affected device. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-fxnxos-dos ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-fxnxos-dos"] This advisory is part of the June 2018 Cisco FXOS and NX-OS Software Security Advisory Collection, which includes 24 Cisco Security Advisories that describe 24 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: June 2018 Cisco FXOS and NX-OS Software Security Advisory Collection ["https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-67770"]. BEGIN PGP SIGNATURE iQJ5BAEBAgBjBQJbKnqbXBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50 IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly dEBjaXNjby5jb20+AAoJEJa12PPJBfczHtgQAJsh2zYdwi5+gAsS0T/Fui33SNqv E3c+R42beYSD/MrQG6IK3ukaVcQ5pqRHHg/osM7lYaVMkn5IKv+sAhWu8oSlmzOs QWjS8v/7wtPYTPtCPr8KX15Ahd/fh+hLxi1QpTu9Zpb0G0lvoTZSSgwZQSwAzE2/ 9skOThLYAan82rN3AyExgauJ2xcc7EXiMx3xxxSYGaYozCTqaCbIYS/ImehSKNmn 0CGvsZYj1j8gP+7X8MIcp1XBpZLnVbc09QxHUFCAEIFS8r27TFP9NTHVFgHDN0A2 uWHiHuCZC/JmAQFz5DfQ/golx0kh0sXFDo3BfPfo0JChiKJx1PniVU7gjv1+Uzxh XAh+AyI2Bqhy5RZ4GuPekDNUTK+YOQt+cwgBA9P+ReUPsW02XY9r0V+aPS5gaZi4 jDZD78z9csYTampZmiyVfilS3wtN9iMHuSkzhzgTM0adwtuAWY5wdAAzQJFKYMw8 6Tjq6CR+i56js6jF/thNyv5+oGlg+iJW2Ukfcwdgsy1k8VXmS8rnlZ3d0TH96WbQ i+7vyVNCV3TeOHPtLWyS0gUh261Lgl3y1tw+63EGgGjw2ieQsWUc6R98Khb5E6So 6idHKGkl6NAHbEZNK4B/NhA+i2eQdA07mWs1Vx2VjX3rncy3aLosgSjeOdx2685v JyYGiz354hgwfbst =M7Xv END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com |
Original Source
Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...) |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
CPE : Common Platform Enumeration
Alert History
Date | Informations |
---|---|
2018-08-21 00:21:46 |
|
2018-06-21 17:21:16 |
|
2018-06-20 21:19:25 |
|