SB2018062510 - Multiple vulnerabilities in Cisco UCS Fabric Interconnects
Published: June 25, 2018
Description
This security bulletin contains information about 12 security vulnerabilities.
1) Buffer overflow (CVE-ID: CVE-2018-0302)
The vulnerability allows a local attacker to gain elevated privileges on the target system.
The vulnerability exists due to a boundary error caused by incorrect input validation in the CLI parser subsystem. A local attacker can exceed the expected length of user input, trigger memory corruption and execute arbitrary code with root privileges.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
2) Buffer overflow (CVE-ID: CVE-2018-0308)
The vulnerability allows a remote attacker to cause a DoS condition or execute arbitrary code on the target system.
The vulnerability exists in the Cisco Fabric Services component due to a buffer overflow caused by insufficient validation of header values in Cisco Fabric Services packets. A remote unauthenticated attacker can send a specially crafted Cisco Fabric Services packet, trigger memory corruption and cause the service to crash or execute arbitrary code with elevated privileges.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
3) Buffer overflow (CVE-ID: CVE-2018-0303)
The vulnerability allows an adjacent attacker to execute arbitrary code on the target system.
The vulnerability exists in the Cisco Discovery Protocol component due to a buffer overflow caused by insufficient validation of Cisco Discovery Protocol packet headers. An adjacent attacker can send a specially crafted Cisco Discovery Protocol packet to a Layer 2 adjacent affected device, trigger memory corruption and cause the service to crash or execute arbitrary code with root privileges.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
4) Memory corruption (CVE-ID: CVE-2018-0304)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a buffer overflow or buffer over-read condition in the Cisco Fabric Services component caused by insufficient validation of Cisco Fabric Services packet headers. A remote unauthenticated attacker can send a specially crafted Cisco Fabric Services packet, trigger memory corruption and read sensitive memory content, cause the service to crash or execute arbitrary code with root privileges.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
5) Buffer overflow (CVE-ID: CVE-2018-0314)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists in the Cisco Fabric Services (CFS) component due to a buffer overflow caused by insufficient validation of Cisco Fabric Services packet headers when the software processes packet data. A remote unauthenticated attacker can send a maliciously crafted Cisco Fabric Services packet, trigger memory corruption and execute arbitrary code on the device.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
6) Buffer overflow (CVE-ID: CVE-2018-0312)
The vulnerability allows a remote attacker to cause a DoS condition or execute arbitrary code on the target system.
The vulnerability exists due to a boundary error caused by insufficient validation of Cisco Fabric Services packet headers when the software processes packet data. A remote unauthenticated attacker can send a maliciously crafted Cisco Fabric Services packet, trigger a buffer overflow condition and cause the service to crash or execute arbitrary code with elevated privileges.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
7) Buffer overflow (CVE-ID: CVE-2018-0311)
The vulnerability allows a remote attacker to cause a DoS condition on the target system.
The vulnerability exists in the Cisco Fabric Services component due to a buffer overflow caused by insufficient validation of Cisco Fabric Services packets when the software processes packet data. A remote attacker can send a maliciously crafted Cisco Fabric Services packet, trigger memory corruption and cause the service to crash.
8) Buffer over-read (CVE-ID: CVE-2018-0310)
The vulnerability allows a remote attacker to obtain potentially sensitive information or cause a DoS condition on the target system.
The vulnerability exists in the Cisco Fabric Services component due to a buffer over-read caused by insufficient validation of header values in Cisco Fabric Services packets. A remote unauthenticated attacker can send a specially crafted Cisco Fabric Services packet, trigger memory corruption and obtain sensitive information from memory or cause the service to crash.
9) Improper input validation (CVE-ID: CVE-2018-0331)
The vulnerability allows an adjacent attacker to cause a DoS condition on the target system.
The vulnerability exists in the Cisco Discovery Protocol (formerly known as CDP) subsystem due to improper validation of certain fields within a Cisco Discovery Protocol message prior to processing it. An adjacent attacker can submit a Cisco Discovery Protocol message and cause the service to crash.
10) Null pointer dereference (CVE-ID: CVE-2018-0305)
The vulnerability allows a remote attacker to cause a DoS condition on the target system.
The vulnerability exists in the Cisco Fabric Services component due to insufficient validation of Cisco Fabric Services packets. A remote attacker can send a specially crafted Cisco Fabric Services packet, trigger a NULL pointer dereference and cause the service to crash.
11) Security restrictions bypass (CVE-ID: CVE-2018-0294)
The vulnerability allows a local attacker to configure an unauthorized administrator account for an affected device.
The vulnerability exists in the write-erase feature due to improper deletion of sensitive files when certain CLI commands are used to clear the device configuration and reload a device. A local attacker can log into an affected device as an administrative user and configure an unauthorized account for the device.
12) Buffer overflow (CVE-ID: CVE-2018-0298)
The vulnerability allows a remote attacker to cause a DoS condition on the target system.
The vulnerability exists in the web UI due to a buffer overflow when handling malicious input. A remote attacker can send a malicious HTTP or HTTPS packet directed to the physical management interface and cause the process to crash and possibly reload the device.
Remediation
Install the update from the vendor's website.
References
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-fxos-ace
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-fxnxos-fab-a...
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-fxnxos-dos
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-fxnxos-ace
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-fx-os-fabric...
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-fx-os-cli-ex...
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nx-os-fabric...
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nxos-cdp
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nxosadmin
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-fxos-dos