CVE-2018-0301
published 2018-06-20


Priority P275 · critical · 9.8 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 17.67% (96.8th percentile)

A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to craft a packet to the management interface on an affected system, causing a buffer overflow. The vulnerability is due to incorrect input validation in the authentication module of the NX-API subsystem. An attacker could exploit this vulnerability by sending a crafted HTTP or HTTPS packet to the management interface of an affected system with the NX-API feature enabled. An exploit could allow the attacker to execute arbitrary code as root.

Note: NX-API is disabled by default.

This vulnerability affects: MDS 9000 Series Multilayer Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules.

Cisco Bug IDs: CSCvd45804, CSCve02322, CSCve02412.

Affected

17 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | nx-os | < 7.0(3)i4 | 7.0(3)i4 |
| cisco | nx-os | | |
| cisco | nx-os | | |
| cisco | nx-os | | |
| cisco | nx-os | | |
| cisco | nx-os | | |
| cisco | nx-os | | |
| cisco | nx-os | | |
| cisco | nx-os | | |
| cisco | nx-os | | |
| cisco | nx-os | | |
| cisco | nx-os | >= 6.0 < 7.3(3)n1(1) | 7.3(3)n1(1) |
| cisco | nx-os | >= 7.0(3)i5 < 7.0(3)i7(1) | 7.0(3)i7(1) |
| cisco | nx-os | >= 7.2 < 7.3(2)d1(1) | 7.3(2)d1(1) |
| cisco | nx-os | >= 7.3 < 7.3(3)n1(1) | 7.3(3)n1(1) |
| cisco | nx-os | >= 7.3 < 8.1(1) | 8.1(1) |
| cisco | nx-os | >= 8.0 < 8.1(1) | 8.1(1) |

Detection & IOCs (extracted from sources)

  • Exploit vector targets the NX-API authentication module via crafted HTTP or HTTPS packets to the management interface; monitor for anomalous or malformed HTTP/HTTPS requests to the NX-OS management interface when NX-API is enabled
  • Successful exploitation results in arbitrary code execution as root; alert on unexpected root-level process spawning from the NX-API subsystem (nxapi-related processes)
  • Vulnerability is in the authentication module of the NX-API subsystem; focus inspection/logging on authentication-phase traffic to the NX-API endpoint, as the overflow occurs before authentication succeeds (unauthenticated attacker)
  • NX-API is disabled by default; this vulnerability is only exploitable on devices where NX-API has been explicitly enabled. Audit device configurations to confirm NX-API status before prioritizing detection efforts.
  • The vulnerability affects a broad range of Cisco NX-OS platforms; ensure detection and patching scope covers all listed product families: MDS 9000, Nexus 2000, 3000, 3500, 5500, 5600, 6000, 7000, 7700, 9000 (standalone NX-OS mode), and Nexus 9500 R-Series Line Cards and Fabric Modules.
  • There are no workarounds available; patching via Cisco software updates is the only remediation. Track Cisco Bug IDs CSCvd45804, CSCve02322, and CSCve02412 for fix availability per platform.

CVSS provenance

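| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| vendor_cisco | | 9.8 | CRITICAL | |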