CVE-2018-0314Improper Input Validation in Cisco Firepower 9000 Firmware

CWE-20Improper Input ValidationCWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer4 documents4 sources
Severity
9.8CRITICALNVD
EPSS
5.0%
top 10.27%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Cisco Firepower 9000 FirmwareCisco Nexus 5000 FirmwareCisco Nexus 7000 Firmware+2 more
Timeline
PublishedJun 20
Latest updateMay 13

Description

A vulnerability in the Cisco Fabric Services (CFS) component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability exists because the affected software insufficiently validates Cisco Fabric Services packet headers when the software processes packet data. An attacker could exploit this vulnerability by sending a maliciously crafted Cisco Fabric Services packet to an affected device. A succ

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages5 packages

NVDcisco/nexus_9000_firmware8.1\(0\)bd\(0.20\)
NVDcisco/nexus_7000_firmware7.3\(2\)d1\(0.49\), 8.0\(1\), 8.1\(0.112\)s0+2
NVDcisco/nexus_5000_firmware7.0\(0\)hsk\(0.357\), 8.1\(0.2\)s0, 8.8\(0.1\)+2
NVDcisco/unified_computing_system_firmware3.1\(3a\)a, 7.0\(0\)hsk\(0.357\)+1

🔴Vulnerability Details

2
GHSA
GHSA-2vp6-fh8g-28xh: A vulnerability in the Cisco Fabric Services (CFS) component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote at2022-05-13
CVEList
CVE-2018-0314: A vulnerability in the Cisco Fabric Services (CFS) component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote at2018-06-20

📋Vendor Advisories

1
Cisco
Cisco FXOS and NX-OS Software Cisco Fabric Services Arbitrary Code Execution Vulnerability2018-06-20
CVE-2018-0314 — Improper Input Validation in Cisco | cvebase