CVE-2018-0301Improper Input Validation in Cisco Nx-os

CWE-20Improper Input ValidationCWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer6 documents5 sources
Severity
9.8CRITICALNVD
EPSS
1.3%
top 19.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Nx-os
Timeline
PublishedJun 20
Latest updateMay 13

Description

A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to craft a packet to the management interface on an affected system, causing a buffer overflow. The vulnerability is due to incorrect input validation in the authentication module of the NX-API subsystem. An attacker could exploit this vulnerability by sending a crafted HTTP or HTTPS packet to the management interface of an affected system with the NX-API feature enabled. An exploit coul

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

NVDcisco/nx-os6.07.3\(3\)n1\(1\)+15

🔴Vulnerability Details

2
GHSA
GHSA-jpgw-r8hc-2x2x: A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to craft a packet to the management inte2022-05-13
CVEList
CVE-2018-0301: A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to craft a packet to the management inte2018-06-20

📋Vendor Advisories

1
Cisco
Cisco NX-OS Software NX-API Arbitrary Code Execution Vulnerability2018-06-20

🕵️Threat Intelligence

2
Tenable
Cisco ASA Exploited in the Wild; FXOS, NX-OS Get High-Priority Patches2018-06-26
Tenable
Cisco ASA Exploited in the Wild; FXOS, NX-OS Get High-Priority Patches2018-06-26
CVE-2018-0301 — Improper Input Validation in Cisco | cvebase