#VU13445 Buffer overflow in Cisco NX-OS - CVE-2018-0311
Published: June 20, 2018 / Updated: June 25, 2018
Vulnerability identifier: #VU13445
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2018-0311
CWE-ID: CWE-120
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Cisco NX-OS
Cisco NX-OS
Software vendor:
Cisco Systems, Inc
Cisco Systems, Inc
Description
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability in the Cisco Fabric Services component exists due to buffer overflow insufficient validation of Cisco Fabric Services packets when the software processes packet data. A remote attacker can send a maliciously crafted Cisco Fabric Services packet, trigger memory corruption and cause the service to crash.
Remediation
Install update from vendor's website.