Vulnslist

find the latest Cisco vulnerabilities

Cisco FXOS and NX-OS Software Cisco Fabric Services Arbitrary Code Execution Vulnerability

cisco-sa-20180620-fxnxos-fab-ace · Critical · Published · Updated

A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. The vulnerability exists because the affected software insufficiently validates header values in Cisco Fabric Services packets. An attacker could exploit this vulnerability by sending a crafted Cisco Fabric Services packet to an affected device. A successful exploit could allow the attacker to cause a buffer overflow that could allow the attacker to execute arbitrary code or cause a DoS condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-fxnxos-fab-ace This advisory is part of the June 2018 Cisco FXOS and NX-OS Software Security Advisory Collection, which includes 24 Cisco Security Advisories that describe 24 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: June 2018 Cisco FXOS and NX-OS Software Security Advisory Collection.

Cisco advisory · CSAF JSON

Workarounds

There are no workarounds that address this vulnerability.

CVEsCVE-2018-0308
Cisco Bug IDsCSCve04859, CSCve02463, CSCve02804, CSCve02785, CSCvd69954, CSCve02787
CVSS ScoreBase 9.8
Base 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X
Product Names From Source
Cisco Unified Computing System (Managed), Cisco NX-OS Software 6.0(2)N1(1), Cisco NX-OS Software 6.0(2)N1(2), Cisco NX-OS Software 6.0(2)N1(2a), Cisco NX-OS Software 6.0(2)N2(1), Cisco NX-OS Software 6.0(2)N2(1b), Cisco NX-OS Software 6.0(2)N2(2), Cisco NX-OS Software 6.0(2)N2(3), Cisco NX-OS Software 6.0(2)N2(4), Cisco NX-OS Software 6.0(2)N2(5), Cisco NX-OS Software 6.0(2)N2(5a), Cisco NX-OS Software 6.0(2)N2(6), Cisco NX-OS Software 6.0(2)N2(7), Cisco NX-OS Software 6.1(2)I1(1), Cisco NX-OS Software 6.1(2)I3(3.78), Cisco NX-OS Software 6.1(2)I3(3b), Cisco NX-OS Software 7.0(3), Cisco NX-OS Software 7.0(2)I2(2c), Cisco NX-OS Software 7.0(2)N1(1a), Cisco NX-OS Software 7.0(6)N1(1c), Cisco NX-OS Software 7.1(0)N1(2), Cisco NX-OS Software 7.1(3)N1(1b), Cisco NX-OS Software 7.1(4)N1(1e), Cisco NX-OS Software 7.3(1)D1(1B), Cisco NX-OS Software 7.3(1)N1(0.1), Cisco Firepower Extensible Operating System (FXOS) 2.0.1.68, Cisco Firepower Extensible Operating System (FXOS), Cisco NX-OS Software

Related Products

Product CVE Evidence
Firepower Extensible Operating System CVE-2018-0308 Cisco OpenVuln
Cisco Unified Computing System (Managed) CVE-2018-0308 Cisco OpenVuln
Cisco NX-OS Software CVE-2018-0308 Cisco OpenVuln
Cisco Firepower Extensible Operating System (FXOS) CVE-2018-0308 Cisco OpenVuln
Cisco Firepower Extensible Operating System CVE-2018-0308 Cisco OpenVuln