SB2018011902 - Multiple vulnerabilities in Cisco NX-OS

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2018011902

SB2018011902 - Multiple vulnerabilities in Cisco NX-OS

Published: January 19, 2018

Security Bulletin ID SB2018011902
Severity
Low
Patch available
YES
Number of vulnerabilities 3
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 3 secuirty vulnerabilities.


1) Security restrictions bypass (CVE-ID: CVE-2018-0092)

The vulnerability allows a local attacker to improperly delete valid user accounts.

The weakness exists in the network-operator user role implementation for Cisco NX-OS System Software due to a lack of proper role-based access control (RBAC) checks for the actions that a user with the network-operator role is allowed to perform. A local attacker can authenticate to the device with user credentials that give that user the network-operator role and impact the integrity of the device by deleting configured user credentials.

2) Denial of service (CVE-ID: CVE-2018-0090)

The vulnerability allows a remote attacker to cause DoS on the target system.

The weakness exists in management interface access control list (ACL) configuration of Cisco NX-OS System Software due to a bad code fix in the code train that could allow traffic to the management interface to be misclassified and not match the proper configured ACLs. A remote attacker can send specially crafted traffic to the management interface, bypass the configured management interface ACLs and impact the CPU of the targeted device, resulting in a DoS condition.

3) Denial of service (CVE-ID: CVE-2018-0102)

The vulnerability allows an adjacent attacker to cause DoS on the target system.

The weakness exists in the Pong tool of Cisco NX-OS Software due to affected software attempts to free the same area of memory twice. An adjacent attacker can send a pong request to an affected device from a location on the network, trigger the pong reply packet to egress both a FabricPath port and a non-FabricPath port and cause a dual or quad supervisor virtual port-channel (vPC) to reload.

Note: This vulnerability is exploitable only when all of the following are true:
  1. The Pong tool is enabled on an affected device. The Pong tool is disabled in NX-OS by default.
  2. The FabricPath feature is enabled on an affected device. The FabricPath feature is disabled in NX-OS by default.
  3. A FabricPath port is actively monitored via a Switched Port Analyzer (SPAN) session. SPAN sessions are not configured or enabled in NX-OS by default.


Remediation

Install update from vendor's website.

References