Remote Code Execution Vulnerability in Cisco Fabric Services Software
CVE-2018-0304

9.8 CRITICAL

Key Information:

Vendor: Cisco
CVE Published: 20 June 2018

Summary

A vulnerability in Cisco Fabric Services components of Cisco FXOS Software and NX-OS Software could be exploited by an unauthenticated, remote attacker. By sending a specially crafted Cisco Fabric Services packet, an attacker may read sensitive memory content, trigger a denial of service (DoS) condition, or execute arbitrary code with root privileges. The root cause of the vulnerability lies in the insufficient validation of Cisco Fabric Services packet headers, enabling potential buffer overflow or overread conditions.

Affected Version(s)

Cisco FXOS and NX-OS unknown

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
