Executive Summary
Summary | |
---|---|
Title | Cisco FXOS and NX-OS Software Cisco Fabric Services Arbitrary Code Execution Vulnerability |
Informations | |||
---|---|---|---|
Name | cisco-sa-20180620-fx-os-fabric-execution | First vendor Publication | 2018-06-20 |
Vendor | Cisco | Last vendor Modification | 2018-06-20 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A vulnerability in the Cisco Fabric Services (CFS) component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability exists because the affected software insufficiently validates Cisco Fabric Services packet headers when the software processes packet data. An attacker could exploit this vulnerability by sending a maliciously crafted Cisco Fabric Services packet to an affected device. A successful exploit could allow the attacker to cause a buffer overflow condition on the device, which could allow the attacker to execute arbitrary code on the device. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-fx-os-fabric-execution ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-fx-os-fabric-execution"] This advisory is part of the June 2018 Cisco FXOS and NX-OS Software Security Advisory Collection, which includes 24 Cisco Security Advisories that describe 24 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: June 2018 Cisco FXOS and NX-OS Software Security Advisory Collection ["https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-67770"]. BEGIN PGP SIGNATURE iQJ5BAEBAgBjBQJbKnq7XBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50 IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly dEBjaXNjby5jb20+AAoJEJa12PPJBfczYwAQAI7Th/Ejbhx8pPk2y09IxCCDknju z0f3ViNwzOzunPVYg2DG+jlxRjjWXGtJU+ScpH+pBJeMQm9PGtbpdIKjBKcb8WpK 9j5m8HS2SeCL/JhujvRs/b/s1B9iUtYZqB6zGuo5OqekBW2hdFPK2aPwPbgKrBer jFjmOzvpSnhapL+OeAsahlKuPuUMc8KjVeNvqVZoxVB63d3z8OAMQkHDvsWgHY/B g1HQLqqT2ajUKy+K3vZM+52jUiiQI+W5HYHXgcwfChfjmr84ZnnOWo8Jvj4Fm7pA 8SwZsGfpCyzSCvPG57DSVvwL7cWgb0w43t89eOG0f8lmF7LEPOa+anAb2IFzgmQJ sDi5Wt2wwBqDblkLjhr7v7kiDftVXnzsd5LWsXCy428HAlSoCVdtTxKCLXJb6y02 4LqPEVkBLccAReRJLoe7tVkAgd7AA7vosoa11Uazivdpn/DxvFE/hBYxgPU2rtiX q3LCzJWmXU3uiIJcLJzqG95LxqAvt85alwl381bgFzMSqQ5CPEPfTsdwiI901wwj FMz4TeiAjs9mrqD7yRcRzEOv5mf6tMThXUSH7pNytJnGGJv1pONwOaT3oSTr3UBi +qgPLL9YZrxE9B7QR9iGJVkSQsZ5K4rRov7M0S+bsPh9BIX6JM/jo+lxTAtNUFil qoVoz8OcO3nEB0FH =iSl6 END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com |
Original Source
Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...) |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Os | 2 | |
Os | 3 | |
Os | 3 | |
Os | 1 | |
Os | 2 |
Snort® IPS/IDS
Date | Description |
---|---|
2020-12-05 | Cisco NX-OS Fabric Services Protocol stack buffer overflow attempt RuleID : 47004 - Revision : 1 - Type : SERVER-OTHER |
2020-12-05 | Cisco NX-OS Fabric Services Protocol stack buffer overflow attempt RuleID : 47003 - Revision : 1 - Type : SERVER-OTHER |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2018-06-25 | Name : The remote device is missing a vendor-supplied security patch. File : cisco-sa-20180620-cfs.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2020-12-05 21:23:46 |
|
2018-08-14 00:21:35 |
|
2018-06-21 00:21:09 |
|
2018-06-20 21:19:39 |
|