Null pointer dereference in Cisco NX-OS

#VU13447 Null pointer dereference in Cisco NX-OS

Published: 2018-06-20 | Updated: 2018-06-25

Vulnerability identifier: #VU13447

Vulnerability risk: Medium

CVSSv3.1: 7.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-0305

CWE-ID: CWE-476

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Cisco NX-OS
Operating systems & Components / Operating system

Vendor: Cisco Systems, Inc

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists in the Cisco Fabric Services component due to insufficient validation of Cisco Fabric Services packets. A remote attacker can send a specially crafted Cisco Fabric Services packet, trigger a NULL pointer dereference and cause the service to crash.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Cisco NX-OS: All versions

External links
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-fx-os-fabric...

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Cisco UCS Fabric Interconnects

Multiple vulnerabilities in Cisco FXOS

Multiple vulnerabilities in Cisco NX-OS