CVE-2018-0305 — NULL Pointer Dereference in Cisco Firepower 9000 Firmware

CWE-476 — NULL Pointer Dereference4 documents4 sources

Severity

8.6HIGHNVD

EPSS

0.6%

top 29.61%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Firepower 9000 Firmware Cisco Nexus 5000 Firmware Cisco Nexus 7000 Firmware +2 more

Timeline

PublishedJun 21

Latest updateMay 13

Description

A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. The vulnerability exists because the affected software insufficiently validates Cisco Fabric Services packets. An attacker could exploit this vulnerability by sending a crafted Cisco Fabric Services packet to an affected device. A successful exploit could allow the attacker to fo…

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:HExploitability: 3.9 | Impact: 4.0

Affected Packages5 packages

▶NVDcisco/nexus_9000_firmware8.1\(0\)bd\(0.20\), 8.1\(1\)s5+1

▶NVDcisco/nexus_7000_firmware8.0\(1\)

▶NVDcisco/nexus_5000_firmware7.0\(0\)hsk\(0.357\), 8.1\(0.2\)s0, 8.8\(0.1\)+2

▶NVDcisco/firepower_9000_firmwarer211, r231+1

▶NVDcisco/unified_computing_system_firmware3.1\(3a\)a, 7.0\(0\)hsk\(0.357\)+1

🔴Vulnerability Details

GHSA

GHSA-f684-4cqg-v8mf: A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker↗2022-05-13

▶

CVEList

CVE-2018-0305: A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker↗2018-06-21

▶

📋Vendor Advisories

Cisco

Cisco FXOS and NX-OS Software Cisco Fabric Services Denial of Service Vulnerability↗2018-06-20

▶