CVE-2018-0292: Improper Restriction of Operations within the Bounds of a Memory Buffer in Cisco NX-OS

Severity
8.8 HIGH (NVD)
EPSS
0.2%
top 53.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jun 20
Latest update: May 13

Description

A vulnerability in the Internet Group Management Protocol (IGMP) Snooping feature of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code and gain full control of an affected system. The attacker could also cause an affected system to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to a buffer overflow condition in the IGMP Snooping subsystem. An attacker could exploit this vulnerability by sending crafted IGMP packet

CVSS vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (1 package)

NVD cisco/nx-os 6.0 7.3(3)n1(1) +4

🔴 Vulnerability Details (2)

GHSA
GHSA-654c-89hm-cqcw: A vulnerability in the Internet Group Management Protocol (IGMP) Snooping feature of Cisco NX-OS Software could allow an unauthenticated, adjacent att (2022-05-13)
CVEList
CVE-2018-0292: A vulnerability in the Internet Group Management Protocol (IGMP) Snooping feature of Cisco NX-OS Software could allow an unauthenticated, adjacent att (2018-06-20)

📋 Vendor Advisories (1)

Cisco
Cisco NX-OS Software Internet Group Management Protocol Snooping Remote Code Execution and Denial of Service Vulnerability (2018-06-20)