Buffer Overflow Vulnerability in Cisco FXOS and UCS Fabric Interconnect Software
CVE-2018-0298

7.5HIGH

Key Information:

Vendor: Cisco
Status: Cisco Fxos Software And Ucs Fabric Interconnect Unknown
Vendor: CVE Published:; 21 June 2018

Summary

A buffer overflow vulnerability exists in the web user interface of Cisco FXOS and UCS Fabric Interconnect Software, stemming from improper input validation. This security weakness allows unauthenticated remote attackers to send specially crafted HTTP or HTTPS packets to the physical management interface of affected devices. Successful exploitation may lead to a process crash or device reload, resulting in a denial of service (DoS) condition.

Affected Version(s)

Cisco FXOS Software and UCS Fabric Interconnect unknown Cisco FXOS Software and UCS Fabric Interconnect unknown

References

https://tools.cisco.com/security/center/content/CiscoSecu...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 21, 2018
Vulnerability Reserved
Nov 27, 2017