Main Vulnerability Database Vulnerabilities #VU13442

#VU13442 Buffer overflow in Cisco NX-OS - CVE-2018-0314

Published: June 20, 2018 / Updated: June 25, 2018

Vulnerability identifier: #VU13442

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2018-0314

CWE-ID: CWE-120

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Cisco NX-OS

Software vendor:
Cisco Systems, Inc

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists in the Cisco Fabric Services (CFS) component due to buffer overflow when insufficient validation of Cisco Fabric Services packet headers when the software processes packet data. A remote unauthenticated attacker can send a maliciously crafted Cisco Fabric Services packet, trigger memory corruption and execute arbitrary code on the device.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Remediation

Install update from vendor's website.

External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-fx-os-fabric...

#VU13442 Buffer overflow in Cisco NX-OS - CVE-2018-0314

Description

Remediation

External links

Please verify you're human