CVE-2018-0312 — Improper Input Validation in Cisco Firepower 9000 Firmware

CWE-20 — Improper Input Validation CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer4 documents4 sources

Severity

9.8CRITICALNVD

EPSS

6.9%

top 8.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Firepower 9000 Firmware Cisco Nexus 5000 Firmware Cisco Nexus 7000 Firmware +2 more

Timeline

PublishedJun 20

Latest updateMay 13

Description

A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device. The vulnerability exists because the affected software insufficiently validates Cisco Fabric Services packet headers when the software processes packet data. An attacker could exploit this vulnerability by sending a maliciously crafted Cisco Fabric Servic…

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages5 packages

▶NVDcisco/nexus_9000_firmware8.1\(0\)bd\(0.20\), 8.1\(1\)s4+1

▶NVDcisco/nexus_7000_firmware7.3\(2\)d1\(0.49\), 8.0\(1\), 8.1\(0.112\)s0+2

▶NVDcisco/nexus_5000_firmware7.0\(0\)hsk\(0.357\)

▶NVDcisco/firepower_9000_firmwarer211, r231+1

▶NVDcisco/unified_computing_system_firmware3.1\(3a\)a

🔴Vulnerability Details

GHSA

GHSA-458f-3r9r-7r82: A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker↗2022-05-13

▶

CVEList

CVE-2018-0312: A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker↗2018-06-20

▶

📋Vendor Advisories

Cisco

Cisco FXOS and NX-OS Software Cisco Fabric Services Arbitrary Code Execution Vulnerability↗2018-06-20

▶