cbcvebase.
CVE-2018-0313
published 2018-06-21

CVE-2018-0313: A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, remote attacker to send a malicious packet to the management…

PriorityP262high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
4.00%
89.2th percentile
A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, remote attacker to send a malicious packet to the management interface on an affected system and execute a command-injection exploit. The vulnerability is due to incorrect input validation of user-supplied data to the NX-API subsystem. An attacker could exploit this vulnerability by sending a malicious HTTP or HTTPS packet to the management interface of an affected system that has the NX-API feature enabled. A successful exploit could allow the attacker to execute arbitrary commands with root privileges. Note: NX-API is disabled by default. This vulnerability affects MDS 9000 Series Multilayer Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules. Cisco Bug IDs: CSCvd47415, CSCve03216, CSCve03224, CSCve03234.

Affected

6 ranges
VendorProductVersion rangeFixed in
cisconx-os
cisconx-os
cisconx-os
cisconx-os
cisconx-os
cisconx-os

Detection & IOCsextracted from sources · hover to see the quote

  • Exploit vector targets the NX-API management interface via malicious HTTP or HTTPS packets; monitor for anomalous or crafted requests to the NX-API endpoint on affected Cisco NX-OS devices
  • NX-API is disabled by default; audit devices for unexpected enablement of the NX-API feature as a precursor indicator of targeted exploitation setup
  • Successful exploitation results in arbitrary command execution with root privileges; alert on unexpected root-level process spawning from NX-API service processes on NX-OS devices
  • Track Cisco Bug IDs CSCvd47415, CSCve03216, CSCve03224, CSCve03234 for patch status across affected NX-OS platforms (MDS 9000, Nexus 2000/3000/3500/5500/5600/6000/7000/7700/9000/9500)
  • ·Vulnerability only exploitable when NX-API feature is explicitly enabled; default configurations are not exposed
  • ·No workarounds exist; remediation requires applying Cisco software updates
  • ·Attacker must be authenticated to exploit this vulnerability; unauthenticated remote exploitation is not possible

CVSS provenance

nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.09.0CRITICALAV:N/AC:L/Au:S/C:C/I:C/A:C
vendor_cisco8.8HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.