CVE-2018-0304Improper Input Validation in Cisco Firepower 9000 Firmware

CWE-20Improper Input ValidationCWE-125Out-of-bounds Read4 documents4 sources
Severity
9.8CRITICALNVD
EPSS
5.8%
top 9.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Cisco Firepower 9000 FirmwareCisco Nexus 5000 FirmwareCisco Nexus 7000 Firmware+2 more
Timeline
PublishedJun 20
Latest updateMay 13

Description

A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to read sensitive memory content, create a denial of service (DoS) condition, or execute arbitrary code as root. The vulnerability exists because the affected software insufficiently validates Cisco Fabric Services packet headers. An attacker could exploit this vulnerability by sending a crafted Cisco Fabric Services packet to an affected device.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages5 packages

NVDcisco/nexus_9000_firmware8.1\(0\)bd\(0.20\), 8.1\(1\)s4+1
NVDcisco/nexus_7000_firmware7.3\(2\)d1\(0.49\), 8.0\(1\), 8.1\(0.112\)s0+2
NVDcisco/nexus_5000_firmware7.0\(0\)hsk\(0.357\), 7.3\(0\)d1\(0.98\), 8.1\(0.2\)s0+2
NVDcisco/unified_computing_system_firmware3.1\(3a\)a, 7.0\(0\)hsk\(0.357\)+1

🔴Vulnerability Details

2
GHSA
GHSA-95f8-9g2q-vh9q: A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker2022-05-13
CVEList
CVE-2018-0304: A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker2018-06-20

📋Vendor Advisories

1
Cisco
Cisco FXOS and NX-OS Software Cisco Fabric Services Arbitrary Code Execution Vulnerability2018-06-20
CVE-2018-0304 — Improper Input Validation in Cisco | cvebase