Multiple vulnerabilities in Cisco NX-OS



Published: 2018-01-19
Risk: Low
Patch available: YES
Number of vulnerabilities: 3
CVE-ID: CVE-2018-0092, CVE-2018-0090, CVE-2018-0102
CWE-ID: CWE-264, CWE-20
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: Cisco NX-OS (Operating systems & Components / Operating system)
Vendor: Cisco Systems, Inc

Security Bulletin

This security bulletin contains information about 3 vulnerabilities.

1) Security restrictions bypass

EUVDB-ID: #VU10106

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-0092

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local attacker to improperly delete valid user accounts.

The weakness exists in the network-operator user role implementation for Cisco NX-OS System Software due to a lack of proper role-based access control (RBAC) checks for the actions that a user with the network-operator role is allowed to perform. A local attacker can authenticate to the device with user credentials that give that user the network-operator role and impact the integrity of the device by deleting configured user credentials.

Mitigation

Update to version 7.0(3)I6(2) or 7.0(3)I7(2).

Vulnerable software versions

Cisco NX-OS: 7.0.3 I5.2 - 7.0.3 I7.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-nxos1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have valid credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Denial of service

EUVDB-ID: #VU10107

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-0090

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a denial of service (DoS) on the target system.

The weakness exists in the management interface access control list (ACL) configuration of Cisco NX-OS System Software. A bad code fix in the code train could allow traffic to the management interface to be misclassified and fail to match the appropriate configured ACLs. A remote attacker can send specially crafted traffic to the management interface, bypass the configured management interface ACLs and impact the CPU of the targeted device, resulting in a DoS condition.

Mitigation

The vulnerability is fixed in the following versions: 8.2(0)SK(0.170), 8.1(1.4)S0, 7.3(3)N1(1), 7.3(3)N1(0.480), 7.3(3)N1(0.3), 7.3(3)D1(0.4), 7.3(2)D1(2), 7.3(2)D1(1A).

Vulnerable software versions

Cisco NX-OS: 7.3.2 N1.0.6 - 8.8.3.5 S0

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-nxos


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Denial of service

EUVDB-ID: #VU10108

Risk: Low

CVSSv3.1: 6.4 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-0102

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows an adjacent attacker to cause a denial of service (DoS) on the target system.

The weakness exists in the Pong tool of Cisco NX-OS Software because the affected software attempts to free the same area of memory twice. An adjacent attacker can send a pong request to an affected device from a location on the network, trigger the pong reply packet to egress both a FabricPath port and a non-FabricPath port and cause a dual or quad supervisor virtual port-channel (vPC) to reload.

Note: This vulnerability is exploitable only when all of the following are true:

  1. The Pong tool is enabled on an affected device. The Pong tool is disabled in NX-OS by default.
  2. The FabricPath feature is enabled on an affected device. The FabricPath feature is disabled in NX-OS by default.
  3. A FabricPath port is actively monitored via a Switched Port Analyzer (SPAN) session. SPAN sessions are not configured or enabled in NX-OS by default.
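The three conditions above can be checked offline against a saved running-config. The following is an added example, not part of the original bulletin or Cisco's advisory. The function names are hypothetical, the sample config is constructed, and the config line spellings (`feature pong`, `feature-set fabricpath`, `switchport mode fabricpath`, `monitor session`) are assumed from common NX-OS syntax rather than taken from this page. It handles single-interface SPAN sources only.

```python
import re

# Constructed sample running-config (not from a real device).
SAMPLE = """\
feature pong
feature-set fabricpath
interface Ethernet1/1
  switchport mode fabricpath
interface Ethernet1/2
  switchport mode trunk
monitor session 1
  source interface Ethernet1/1 both
  destination interface Ethernet1/10
  no shut
"""

def parse_blocks(config):
    """Map each top-level config line to the indented lines beneath it."""
    blocks, parent = {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue
        if raw[0].isspace() and parent is not None:
            blocks[parent].append(raw.strip())
        elif not raw[0].isspace():
            parent = raw.strip()
            blocks.setdefault(parent, [])
    return blocks

def pong_exposure(config):
    """Evaluate the three preconditions the bulletin lists for CVE-2018-0102."""
    blocks = parse_blocks(config)
    fp_ports = {p.split(None, 1)[1].lower() for p, body in blocks.items()
                if p.lower().startswith("interface ")
                and "switchport mode fabricpath" in body}
    monitored = set()
    for p, body in blocks.items():
        # Only SPAN sessions that are administratively up count as active.
        if not re.match(r"monitor session \d+", p) or not {"no shut", "no shutdown"} & set(body):
            continue
        for line in body:
            m = re.match(r"source interface (\S+)", line)
            if m and m.group(1).lower() in fp_ports:
                monitored.add(m.group(1).lower())
    result = {"pong": "feature pong" in blocks,
              "fabricpath": "feature-set fabricpath" in blocks,
              "span_on_fabricpath_port": sorted(monitored)}
    result["all_conditions_met"] = bool(result["pong"] and result["fabricpath"] and monitored)
    return result
```

A device where `all_conditions_met` is false does not satisfy the stated preconditions, but the vendor update is still the fix.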

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

Cisco NX-OS: 7.2.1 D.1 - 7.2.2 D1.2

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-nx-os


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


