Denial of Service Vulnerability in Cisco Fabric Services for Cisco FXOS and NX-OS Software
CVE-2018-0311

7.5HIGH

Key Information:

Vendor: Cisco
Status: Cisco Fxos And Nx-os Unknown
Vendor: CVE Published:; 21 June 2018

Summary

A vulnerability exists in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software that can allow an unauthenticated, remote attacker to launch a denial of service (DoS) attack on affected devices. This vulnerability arises from the software’s insufficient validation of Cisco Fabric Services packets during processing. An attacker can exploit this flaw by sending specifically crafted packets, potentially causing a buffer overflow. A successful attack could lead to process crashes, disrupting services and availability on the device. Affected devices include various models in the Firepower, Nexus, and UCS series, highlighting the critical need for updated security measures and patches.

Affected Version(s)

Cisco FXOS and NX-OS unknown Cisco FXOS and NX-OS unknown

References

http://www.securitytracker.com/id/1041169

vdb-entryx_refsource_SECTRACK

https://tools.cisco.com/security/center/content/CiscoSecu...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 21, 2018
Vulnerability Reserved
Nov 27, 2017