Executive Summary
Summary | |
---|---|
Title | Cisco NX-OS Software NX-API Arbitrary Code Execution Vulnerability |
Information | |||
---|---|---|---|
Name | cisco-sa-20180620-nxos-bo | First vendor Publication | 2018-06-20 |
Vendor | Cisco | Last vendor Modification | 2018-06-20 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to craft a packet to the management interface on an affected system, causing a buffer overflow.

The vulnerability is due to incorrect input validation in the authentication module of the NX-API subsystem. An attacker could exploit this vulnerability by sending a crafted HTTP or HTTPS packet to the management interface of an affected system with the NX-API feature enabled. An exploit could allow the attacker to execute arbitrary code as root.

Note: NX-API is disabled by default.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nxos-bo

This advisory is part of the June 2018 Cisco FXOS and NX-OS Software Security Advisory Collection, which includes 24 Cisco Security Advisories that describe 24 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: June 2018 Cisco FXOS and NX-OS Software Security Advisory Collection (https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-67770).
Original Source
Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...) |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
CPE : Common Platform Enumeration
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2018-06-25 | Name : The remote device is missing a vendor-supplied security patch. File : cisco-sa-20180620-nxapi.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2018-08-21 21:22:12 | |
2018-06-21 00:21:09 | |
2018-06-20 21:19:21 | |