#VU13445 Buffer overflow in Cisco NX-OS - CVE-2018-0311

Cybersecurity Help s.r.o.

Published: 2018-06-20 | Updated: 2018-06-25

Vulnerability identifier: #VU13445

Vulnerability risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2018-0311

CWE-ID: CWE-120

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Cisco NX-OS
Operating systems & Components / Operating system

Vendor: Cisco Systems, Inc

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability in the Cisco Fabric Services component exists due to buffer overflow insufficient validation of Cisco Fabric Services packets when the software processes packet data. A remote attacker can send a maliciously crafted Cisco Fabric Services packet, trigger memory corruption and cause the service to crash.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Cisco NX-OS: All versions

External links
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nx-os-fabric...

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Cisco UCS Fabric Interconnects

Multiple vulnerabilities in Cisco FXOS

Multiple vulnerabilities in Cisco NX-OS