Executive Summary
Summary | |
---|---|
Title | Cisco FXOS and NX-OS Software Cisco Fabric Services Denial of Service Vulnerability |
Informations | |||
---|---|---|---|
Name | cisco-sa-20180620-nx-os-fabric-dos | First vendor Publication | 2018-06-20 |
Vendor | Cisco | Last vendor Modification | 2018-06-20 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to obtain sensitive information from memory or cause a denial of service (DoS) condition on the affected product. The vulnerability exists because the affected software insufficiently validates header values in Cisco Fabric Services packets. An attacker could exploit this vulnerability by sending a crafted Cisco Fabric Services packet to an affected device. A successful exploit could allow the attacker to cause a buffer overread condition, which could allow the attacker to obtain sensitive information from memory or cause a DoS condition on the affected product. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nx-os-fabric-dos ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nx-os-fabric-dos"] This advisory is part of the June 2018 Cisco FXOS and NX-OS Software Security Advisory Collection, which includes 24 Cisco Security Advisories that describe 24 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: June 2018 Cisco FXOS and NX-OS Software Security Advisory Collection ["https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-67770"]. BEGIN PGP SIGNATURE iQJ5BAEBAgBjBQJbKnqvXBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50 IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly dEBjaXNjby5jb20+AAoJEJa12PPJBfczc/oQAL1IFeiENl514mY5D3lrIU2kVTN9 R4E1cq9RTfGlxrtWv9efkG6WelEek9Z57DhBTG5CFXxBDL+YC1cOguojHn+3ohGb aojBV3pTRatBXtv4Z8CnYVwib/Ay0J8YRqUGFfH2IcCpCNe2hChGhczAm2l9l7L1 d+AUBP9RNoYWc1XyWedioiDA6VQKPl/LortAONui5QLufiZWEpw9U8xzoH7Nd4uF uPz+5ji0NdelRxx+OYL4D/2gML+4p8HTA0Bd/+U2XnKMCPO23pGtOyf/xBxPoxb7 Jg5JaMeFNkl9R5QwamqEad+nTtFF76Z8GB5R81ud/r3UWIyo7Pyvh/H2ba/mciCN ZlYIQX2mN8kKH/a1HCkTEXwys6ohJ2CsAY0E2ivzTaFgjICM7iI+6e3lS8MJC0lg WWvT5Fpn8kmoZwgXCgi/y84/wX96JmJT0RRi8/9TzdfYZuiQxSyBb8M9cHGs+EZC xBeEXs19WgapptPi2XXJphkprSUNUtxOHaMnOYMYzxz9lmaB+AFWBSlPZwDAby6e ve/4g0xO5pnPhzD2qjG236mjEGhP13uLJnE7BpUksPLKlcq4I2K2inDdxxI8z06U Sgib5SZ+ZDEpI7PQ4vGJLe2XdQcrCWmk6dJYFaOQ9JXEYXdbCSIr6wLEzqmDuI8T V7cS/jLtAnU1iOqV =dt4c END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com |
Original Source
Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...) |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-125 | Out-of-bounds Read |
CPE : Common Platform Enumeration
Snort® IPS/IDS
Date | Description |
---|---|
2020-12-05 | Cisco NX-OS Fabric Services Protocol denial of service attempt RuleID : 46994 - Revision : 1 - Type : SERVER-OTHER |
2020-12-05 | Cisco NX-OS Fabric Services Protocol denial of service attempt RuleID : 46993 - Revision : 1 - Type : SERVER-OTHER |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2018-06-25 | Name : The remote device is missing a vendor-supplied security patch. File : cisco-sa-20180620-cfs.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2020-12-05 21:23:46 |
|
2018-08-14 00:21:35 |
|
2018-06-21 17:21:16 |
|
2018-06-20 21:19:34 |
|