CVE-2018-0308Improper Input Validation in Cisco Firepower 9000 Firmware

CWE-20Improper Input ValidationCWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer4 documents4 sources
Severity
9.8CRITICALNVD
EPSS
3.7%
top 12.01%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Cisco Firepower 9000 FirmwareCisco Nexus 5000 FirmwareCisco Nexus 7000 Firmware+2 more
Timeline
PublishedJun 20
Latest updateMay 13

Description

A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. The vulnerability exists because the affected software insufficiently validates header values in Cisco Fabric Services packets. An attacker could exploit this vulnerability by sending a crafted Cisco Fabric Services packet to an affected device. A successful exploit could allo

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages5 packages

NVDcisco/nexus_9000_firmware8.1\(0\)bd\(0.20\), 8.1\(1\)s4+1
NVDcisco/nexus_7000_firmware7.3\(2\)d1\(0.49\), 8.0\(1\), 8.1\(0.112\)s0+2
NVDcisco/nexus_5000_firmware7.0\(0\)hsk\(0.357\), 7.3\(0\)d1\(0.98\), 8.1\(0.2\)s0+2
NVDcisco/unified_computing_system_firmware3.1\(3a\)a, 7.0\(0\)hsk\(0.357\)+1

🔴Vulnerability Details

2
GHSA
GHSA-94mg-qmmm-pwch: A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker2022-05-13
CVEList
CVE-2018-0308: A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker2018-06-20

📋Vendor Advisories

1
Cisco
Cisco FXOS and NX-OS Software Cisco Fabric Services Arbitrary Code Execution Vulnerability2018-06-20
CVE-2018-0308 — Improper Input Validation in Cisco | cvebase