Buffer Overflow Vulnerability in NX-API of Cisco NX-OS Software
CVE-2018-0301

9.8CRITICAL

Key Information:

Vendor
Cisco
Status
Cisco Nx-os Unknown
Vendor
CVE Published:
20 June 2018

Summary

An improper input validation vulnerability in the NX-API feature of Cisco NX-OS Software can allow an unauthenticated, remote attacker to exploit the management interface of affected devices. By crafting a malicious HTTP or HTTPS packet directed at the NX-API, an attacker could trigger a buffer overflow, potentially leading to arbitrary code execution with root privileges. This vulnerability impacts various Cisco Nexus switch models and is disabled by default, enhancing security for unconfigured devices.

Affected Version(s)

Cisco NX-OS unknown Cisco NX-OS unknown

References

http://www.securityfocus.com/bid/104512
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1041169
vdb-entryx_refsource_SECTRACK
https://tools.cisco.com/security/center/content/CiscoSecu...
x_refsource_CONFIRM

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.