Main Vulnerability Database Vulnerabilities #VU13444

Improper input validation in Cisco NX-OS - CVE-2018-0331

Published: June 20, 2018 / Updated: June 25, 2018

Vulnerability identifier: #VU13444

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-0331

CWE-ID: CWE-20

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vendor: Cisco Systems, Inc

Affected software:
Cisco NX-OS

Detailed vulnerability description

The vulnerability allows an adjacent attacker to cause DoS condition on the target system.

The vulnerability exists in the Cisco Discovery Protocol (formerly known as CDP) subsystem due to improper validation of certain fields within a Cisco Discovery Protocol message prior to processing it. An adjacent attacker can submit a Cisco Discovery Protocol message and cause the service to crash.

How to mitigate CVE-2018-0331

Install update from vendor's website.

Sources

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nxos-cdp

Improper input validation in Cisco NX-OS - CVE-2018-0331

Detailed vulnerability description

How to mitigate CVE-2018-0331

Sources

Please verify you're human