Executive Summary
| Summary | |
|---|---|
| Title | Cisco NX-OS Software Internet Group Management Protocol Snooping Remote Code Execution and Denial of Service Vulnerability |
| Informations | |||
|---|---|---|---|
| Name | cisco-sa-20180620-nxosigmp | First vendor Publication | 2018-06-20 |
| Vendor | Cisco | Last vendor Modification | 2018-06-20 |
| Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:A/AC:L/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 8.3 | Attack Range | Adjacent network |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 6.5 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| A vulnerability in the Internet Group Management Protocol (IGMP) Snooping feature of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code and gain full control of an affected system. The attacker could also cause an affected system to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to a buffer overflow condition in the IGMP Snooping subsystem. An attacker could exploit this vulnerability by sending crafted IGMP packets to an affected system. An exploit could allow the attacker to execute arbitrary code and gain full control of the affected system or cause the affected system to reload, resulting in a DoS condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nxosigmp ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nxosigmp"] This advisory is part of the June 2018 Cisco FXOS and NX-OS Software Security Advisory Collection, which includes 24 Cisco Security Advisories that describe 24 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: June 2018 Cisco FXOS and NX-OS Software Security Advisory Collection ["https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-67770"]. BEGIN PGP SIGNATURE iQJ5BAEBAgBjBQJbKnqGXBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50 IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly dEBjaXNjby5jb20+AAoJEJa12PPJBfczGMgP/0OVYpwLEjZOEq28YzLdFTKjOcQN hkAiI+3xhTs5BJ+xj3l3BKdIev4Sm/P8pCpkaAAfKwtZFcfwEwH4wyPF35hP4iVr 3r57q3F2927A9mUgfaQtqMGt0Mdydu7VNHCL2er39X+Fz28dl1f+caqEeIcBJFfE 7IhNrpX3stDIKjSfG6RHGxQzrR+oIEECwn9zaQkzbtoqMMbe2elGgMydc+IlCiVi 4SK4Ixy9dWzElNoRI1iuWGBDkZYtes8d7Q6/AXuMORNaWPz5lb7Wx/cyX844H1k7 8PZYCVIKQ8puH9zrPbTENo86zhde9mffdYCyBJ9cyk8OMVDcMIz9KKfHL3WJsZ+/ Y9SJ6onixhvreTXsUgO2ID8B/eQSsECSSqn9EJWkX6o1GRvmTXkt5C4YqjiFjgJS Z95VKXEkwZjS7FIwlcAGexg8lEMdm+zzy8KCVzwxeTxwjJN7Ln4I0u45VYFFu62W jPNzn2vnsG9X5zpBRGSoaGDNdtu2NUnbvo4fitwi2MF06C8mQufwASF/gWUb9v+b 7wTf8a23fVQRvOcZ7GPHpjp4v/xcAQpbtV6DCP50PE3ON7r4NtHE/UzslI0w/wBW 6n0jd+uZmpNTLZ4JfD1zpVVvU3cEJf45QfnDQsL3uYUrQITDyIE7MEQGdPf8tY3Y Hpris2dOqXdAy7px =JhQn END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com |
Original Source
| Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...) |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
CPE : Common Platform Enumeration
Alert History
| Date | Informations |
|---|---|
| 2018-08-21 17:21:45 |
|
| 2018-06-21 00:21:09 |
|
| 2018-06-20 21:19:16 |
|
