CVE-2018-0313Improper Input Validation in Cisco Nx-os

CWE-20Improper Input ValidationCWE-74Injection4 documents4 sources
Severity
8.8HIGHNVD
EPSS
0.8%
top 26.70%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Nx-os
Timeline
PublishedJun 21
Latest updateMay 13

Description

A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, remote attacker to send a malicious packet to the management interface on an affected system and execute a command-injection exploit. The vulnerability is due to incorrect input validation of user-supplied data to the NX-API subsystem. An attacker could exploit this vulnerability by sending a malicious HTTP or HTTPS packet to the management interface of an affected system that has the NX-API feature enabl

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

NVDcisco/nx-os5 versions+4

🔴Vulnerability Details

2
GHSA
GHSA-c7v6-mhfv-qgg2: A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, remote attacker to send a malicious packet to the manageme2022-05-13
CVEList
CVE-2018-0313: A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, remote attacker to send a malicious packet to the manageme2018-06-21

📋Vendor Advisories

1
Cisco
Cisco NX-OS Software NX-API Arbitrary Command Execution Vulnerability2018-06-20
CVE-2018-0313 — Improper Input Validation in Cisco | cvebase