Main Vulnerability Database Vulnerabilities #VU13441

#VU13441 Memory corruption in Cisco NX-OS - CVE-2018-0304

Published: June 20, 2018 / Updated: June 25, 2018

Vulnerability identifier: #VU13441

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2018-0304

CWE-ID: CWE-120

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Cisco NX-OS

Software vendor:
Cisco Systems, Inc

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to buffer overflow or buffer over-read condition in the Cisco Fabric Services component when insufficient validation of Cisco Fabric Services packet headers. A remote unauthenticated attacker can send a specially crafted Cisco Fabric Services packet, trigger memory corruption and read sensitive memory content, cause the service to crash or execute arbitrary code with root privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Remediation

Install update from vendor's website.

External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-fxnxos-ace

#VU13441 Memory corruption in Cisco NX-OS - CVE-2018-0304

Description

Remediation

External links

Please verify you're human