SB2018062508 - Multiple vulnerabilities in Cisco NX-OS
Published: June 25, 2018
Description
This security bulletin contains information about 20 security vulnerabilities.
1) Improper input validation (CVE-ID: CVE-2018-0291)
The vulnerability allows a remote authenticated attacker to cause a DoS condition on the target system.
The vulnerability exists in the Simple Network Management Protocol (SNMP) input packet processor due to improper validation of SNMP protocol data units (PDUs) in SNMP packets. A remote attacker can send a specially crafted SNMP packet and cause the SNMP application to restart multiple times, leading to a system-level restart and a denial of service condition.
2) Privilege escalation (CVE-ID: CVE-2018-0293)
The vulnerability allows a remote authenticated attacker to gain elevated privileges on the target system.
The vulnerability exists in role-based access control (RBAC) due to incorrect RBAC privilege assignment for certain CLI commands. A remote attacker can authenticate to a device as a nonadministrative user, execute specific commands from the CLI, gain elevated privileges and run arbitrary commands to modify the configuration or boot image on the device.
3) Buffer overflow (CVE-ID: CVE-2018-0292)
The vulnerability allows an adjacent attacker to cause a DoS condition or execute arbitrary code on the target system.
The vulnerability exists in the Internet Group Management Protocol (IGMP) Snooping feature due to a boundary error when handling malicious input. An adjacent attacker can send specially crafted IGMP packets, trigger memory corruption and cause the service to crash or execute arbitrary code and gain full control of the affected system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
4) Command injection (CVE-ID: CVE-2018-0313)
The vulnerability allows a remote authenticated attacker to execute arbitrary commands on the target system.
The vulnerability exists in the NX-API feature of Cisco NX-OS Software due to incorrect input validation of user-supplied data to the NX-API subsystem. A remote attacker can send a malicious HTTP or HTTPS packet to the management interface of an affected system that has the NX-API feature enabled, inject and execute arbitrary commands with root privileges.
5) Command injection (CVE-ID: CVE-2018-0306)
The vulnerability allows a local attacker to execute arbitrary commands on the target system.
The vulnerability exists in the CLI parser of Cisco NX-OS Software due to insufficient input validation of command arguments. A local attacker can inject malicious command arguments into a vulnerable CLI command and execute arbitrary commands with root privileges.
6) Command injection (CVE-ID: CVE-2018-0330)
The vulnerability allows a remote authenticated attacker to execute arbitrary commands on the target system.
The vulnerability exists in the NX-API management application programming interface (API) due to a failure to properly validate certain parameters included within an NX-API request. A remote attacker can authenticate to the NX-API, submit a specially crafted request designed to bypass NX-OS role assignment and execute arbitrary commands with elevated privileges.
7) Command injection (CVE-ID: CVE-2018-0337)
The vulnerability allows a local attacker to execute arbitrary commands on the target system.
The vulnerability exists in the role-based access-checking mechanisms of Cisco NX-OS Software due to improper input and validation checks for certain file systems. A local attacker can issue specially crafted commands in the CLI and execute unwanted, arbitrary commands.
8) Improper input validation (CVE-ID: CVE-2018-0295)
The vulnerability allows a remote attacker to cause a DoS condition on the target system.
The vulnerability exists in the Border Gateway Protocol (BGP) implementation of Cisco NX-OS Software due to incomplete input validation of the BGP update messages. A remote attacker can send a specially crafted BGP update message and cause the switch to reload unexpectedly.
9) Buffer overflow (CVE-ID: CVE-2018-0301)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists in the NX-API feature of Cisco NX-OS Software due to a boundary error caused by incorrect input validation in the authentication module of the NX-API subsystem. A remote unauthenticated attacker can send a specially crafted HTTP or HTTPS packet to the management interface of an affected system with the NX-API feature enabled, trigger memory corruption and execute arbitrary code with root privileges.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
10) Buffer overflow (CVE-ID: CVE-2018-0308)
The vulnerability allows a remote attacker to cause a DoS condition or execute arbitrary code on the target system.
The vulnerability exists in the Cisco Fabric Services component due to a buffer overflow caused by insufficient validation of header values in Cisco Fabric Services packets. A remote unauthenticated attacker can send a specially crafted Cisco Fabric Services packet, trigger memory corruption and cause the service to crash or execute arbitrary code with elevated privileges.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
11) Buffer overflow (CVE-ID: CVE-2018-0303)
The vulnerability allows an adjacent attacker to execute arbitrary code on the target system.
The vulnerability exists in the Cisco Discovery Protocol component due to a buffer overflow caused by insufficient validation of Cisco Discovery Protocol packet headers. An adjacent attacker can send a specially crafted Cisco Discovery Protocol packet to a Layer 2 adjacent affected device, trigger memory corruption and cause the service to crash or execute arbitrary code with root privileges.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
12) Memory corruption (CVE-ID: CVE-2018-0304)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a buffer overflow or buffer over-read condition in the Cisco Fabric Services component caused by insufficient validation of Cisco Fabric Services packet headers. A remote unauthenticated attacker can send a specially crafted Cisco Fabric Services packet, trigger memory corruption and read sensitive memory content, cause the service to crash or execute arbitrary code with root privileges.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
13) Buffer overflow (CVE-ID: CVE-2018-0314)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists in the Cisco Fabric Services (CFS) component due to a buffer overflow caused by insufficient validation of Cisco Fabric Services packet headers when the software processes packet data. A remote unauthenticated attacker can send a maliciously crafted Cisco Fabric Services packet, trigger memory corruption and execute arbitrary code on the device.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
14) Buffer overflow (CVE-ID: CVE-2018-0312)
The vulnerability allows a remote attacker to cause a DoS condition or execute arbitrary code on the target system.
The vulnerability exists due to a boundary error caused by insufficient validation of Cisco Fabric Services packet headers when the software processes packet data. A remote unauthenticated attacker can send a maliciously crafted Cisco Fabric Services packet, trigger a buffer overflow condition and cause the service to crash or execute arbitrary code with elevated privileges.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
15) Improper input validation (CVE-ID: CVE-2018-0331)
The vulnerability allows an adjacent attacker to cause a DoS condition on the target system.
The vulnerability exists in the Cisco Discovery Protocol (formerly known as CDP) subsystem due to improper validation of certain fields within a Cisco Discovery Protocol message prior to processing it. An adjacent attacker can submit a Cisco Discovery Protocol message and cause the service to crash.
16) Buffer overflow (CVE-ID: CVE-2018-0311)
The vulnerability allows a remote attacker to cause a DoS condition on the target system.
The vulnerability exists in the Cisco Fabric Services component due to a buffer overflow caused by insufficient validation of Cisco Fabric Services packets when the software processes packet data. A remote attacker can send a maliciously crafted Cisco Fabric Services packet, trigger memory corruption and cause the service to crash.
17) Buffer over-read (CVE-ID: CVE-2018-0310)
The vulnerability allows a remote attacker to obtain potentially sensitive information or cause a DoS condition on the target system.
The vulnerability exists in the Cisco Fabric Services component due to a buffer over-read caused by insufficient validation of header values in Cisco Fabric Services packets. A remote unauthenticated attacker can send a specially crafted Cisco Fabric Services packet, trigger memory corruption and obtain sensitive information from memory or cause the service to crash.
18) Null pointer dereference (CVE-ID: CVE-2018-0305)
The vulnerability allows a remote attacker to cause a DoS condition on the target system.
The vulnerability exists in the Cisco Fabric Services component due to insufficient validation of Cisco Fabric Services packets. A remote attacker can send a specially crafted Cisco Fabric Services packet, trigger a NULL pointer dereference and cause the service to crash.
19) Security restrictions bypass (CVE-ID: CVE-2018-0294)
The vulnerability allows a local attacker to configure an unauthorized administrator account for an affected device.
The vulnerability exists in the write-erase feature due to improper deletion of sensitive files when certain CLI commands are used to clear the device configuration and reload a device. A local attacker can log into an affected device as an administrative user and configure an unauthorized account for the device.
20) Command injection (CVE-ID: CVE-2018-0307)
The vulnerability allows a local attacker to execute arbitrary commands on the target system.
The vulnerability exists in the CLI of Cisco NX-OS Software due to insufficient input validation of command arguments. A local attacker can inject malicious command arguments into a vulnerable CLI command and execute arbitrary commands with root privileges.
Remediation
Install the update from the vendor's website.
References
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nxossnmp
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nxosrbac
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nxosigmp
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nx-os-api-ex...
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nx-os-cli-ex...
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nxos-nxapi
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nxos-rbacces...
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nxosbgp
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nxos-bo
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-fxnxos-fab-a...
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-fxnxos-dos
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-fxnxos-ace
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-fx-os-fabric...
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-fx-os-cli-ex...
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nxos-cdp
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nx-os-fabric...
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nxosadmin
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nx-os-cli-in...