CVE-2018-0294

CWE-2645 documents5 sources

Severity

6.7MEDIUM

EPSS

0.3%

top 48.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Firepower Extensible Operating System Cisco Fxos Cisco Nx-os

Timeline

PublishedJun 20

Latest updateMay 13

Description

A vulnerability in the write-erase feature of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to configure an unauthorized administrator account for an affected device. The vulnerability exists because the affected software does not properly delete sensitive files when certain CLI commands are used to clear the device configuration and reload a device. An attacker could exploit this vulnerability by logging into an affected device as an administrative us…

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages4 packages

▶NVDcisco/firepower_extensible_operating_system2.1.1 — 2.1.1.86+1

▶NVDcisco/fxos1.1 — 2.0.1.159

▶CVEListV5cisco_fxos_and_nx-os_unknownCisco FXOS and NX-OS unknown

▶NVDcisco/nx-os5 versions+4

🔴Vulnerability Details

GHSA

GHSA-f392-wcr5-grrm: A vulnerability in the write-erase feature of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to configure a↗2022-05-13

▶

CVEList

CVE-2018-0294: A vulnerability in the write-erase feature of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to configure a↗2018-06-20

▶

📋Vendor Advisories

Cisco

Cisco FXOS and NX-OS Software Unauthorized Administrator Account Vulnerability↗2018-06-20

▶

💬Community

Bugzilla

CVE-2017-15089 infinispan: Unsafe deserialization of malicious object injected into data cache↗2017-10-18

▶