CVE-2018-0310

CWE-399 CWE-125 — Out-of-bounds Read4 documents4 sources

Severity

9.8CRITICAL

EPSS

2.6%

top 14.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Firepower Extensible Operating System Cisco Nx-os

Timeline

PublishedJun 21

Latest updateMay 13

Description

A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to obtain sensitive information from memory or cause a denial of service (DoS) condition on the affected product. The vulnerability exists because the affected software insufficiently validates header values in Cisco Fabric Services packets. An attacker could exploit this vulnerability by sending a crafted Cisco Fabric Services packet to an affect…

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

▶NVDcisco/firepower_extensible_operating_system1.1 — 1.1.4.179+4

▶CVEListV5cisco_fxos_and_nx-os_unknownCisco FXOS and NX-OS unknown

▶NVDcisco/nx-os9 versions+8

🔴Vulnerability Details

GHSA

GHSA-hvrm-fpw8-36qp: A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker↗2022-05-13

▶

CVEList

CVE-2018-0310: A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker↗2018-06-21

▶

📋Vendor Advisories

Cisco

Cisco FXOS and NX-OS Software Cisco Fabric Services Denial of Service Vulnerability↗2018-06-20

▶