Remote Information Disclosure and DoS Vulnerability in Cisco Products
CVE-2018-0310

9.8CRITICAL

Key Information:

Vendor: Cisco
Status: Cisco Fxos And Nx-os Unknown
Vendor: CVE Published:; 21 June 2018

Summary

A vulnerability in Cisco's Fabric Services component of FXOS and NX-OS software allows unauthenticated remote attackers to access sensitive information or disrupt service. This is due to insufficient validation of header values in Fabric Services packets, enabling crafted attacks that can lead to buffer overreads. Affected devices include various Cisco firewalls, switches, and fabric interconnects, highlighting the importance of timely updates and security measures.

Affected Version(s)

Cisco FXOS and NX-OS unknown Cisco FXOS and NX-OS unknown

References

https://tools.cisco.com/security/center/content/CiscoSecu...

x_refsource_CONFIRM

http://www.securitytracker.com/id/1041169

vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 21, 2018
Vulnerability Reserved
Nov 27, 2017