Executive Summary
Summary | |
---|---|
Title | Cisco FXOS and NX-OS Software Cisco Fabric Services Arbitrary Code Execution Vulnerability |
Informations | |||
---|---|---|---|
Name | cisco-sa-20180620-fx-os-cli-execution | First vendor Publication | 2018-06-20 |
Vendor | Cisco | Last vendor Modification | 2018-06-20 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device. The vulnerability exists because the affected software insufficiently validates Cisco Fabric Services packet headers when the software processes packet data. An attacker could exploit this vulnerability by sending a maliciously crafted Cisco Fabric Services packet to an affected device. A successful exploit could allow the attacker to cause a buffer overflow condition on the device, which could allow the attacker to execute arbitrary code or cause a DoS condition on the device. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-fx-os-cli-execution ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-fx-os-cli-execution"] This advisory is part of the June 2018 Cisco FXOS and NX-OS Software Security Advisory Collection, which includes 24 Cisco Security Advisories that describe 24 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: June 2018 Cisco FXOS and NX-OS Software Security Advisory Collection ["https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-67770"]. BEGIN PGP SIGNATURE iQJ5BAEBAgBjBQJbKnq1XBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50 IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly dEBjaXNjby5jb20+AAoJEJa12PPJBfczVN0P/jB3Cj9zm3ehU6ayMFNewNFjaWoy DJUTiy4kVe/F+YaMiflNdrq4VWvIRGiDbIVI4kkiuMeiT1GaYwdJqkpRZXBvFBYS eE7a1Cd64/eym7JNZ0jzk5XuJYYMTdGLxCUJ33Acu5nPtCnb5gf1gT2CvvmfABIu MPbS368xpgZzwkMZNmSUDA3GbdduaFtFSSVGLMEej/Uh+G6vPZDhE0RrSauGUuh3 Fdfl+mwGbSJp2iPghay9t1DbQkZbJcOF4BbS+ocRBFoI3wNo7ME8bzVchlDkwD+h gQm1b/mgv/kiW+0mgX3/8VeDJcaQJ/8LDAIqqK5vUNU43w9Gsjs4+5zOYeTrrXKd 0AfTfzxrSsfNVcShQ8wmunTw9ZtNk7kIGItuUavnJ6dmBIJDS2O7KDY1dUwXFgEp FDcqeu86YditLf0itghhDjr9coyYIahZLs4UprdcO5bBEM09LVOB60S2It6IJcW4 JlL8jrKuvkaK0x7Rtg5LhCRmWuieJZEi7ufd5iWYnRcYxCkh5M4bcgkrTnT0j9lJ svqcL1jk3G68HAo7Ye1xV6Mu1dz7j8foGqFCtBHD8sePMZQo7CxmD7dR14d/RnHd uF73FYYEgo3bQzcCNhyqtr0CPxwHmvaoTFl/8wkyYA+46vhCk/LmimVCp2PJyHCx SVBAm0BJG5/Xc1Qt =Lw9J END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com |
Original Source
Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...) |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Os | 2 | |
Os | 1 | |
Os | 3 | |
Os | 2 | |
Os | 1 |
Snort® IPS/IDS
Date | Description |
---|---|
2020-12-05 | Cisco NX-OS Fabric Services Protocol heap buffer overflow attempt RuleID : 46996 - Revision : 1 - Type : SERVER-OTHER |
2020-12-05 | Cisco NX-OS Fabric Services Protocol heap buffer overflow attempt RuleID : 46995 - Revision : 1 - Type : SERVER-OTHER |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2018-06-25 | Name : The remote device is missing a vendor-supplied security patch. File : cisco-sa-20180620-cfs.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2020-12-05 21:23:46 |
|
2018-08-14 00:21:35 |
|
2018-06-21 00:21:09 |
|
2018-06-20 21:19:36 |
|