Denial of Service Vulnerability in Cisco NX-OS Software Products
CVE-2018-0331

6.5MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco Fxos, Nx-os, And Ucs Manager Unknown
Vendor: CVE Published:; 21 June 2018

What is CVE-2018-0331?

A vulnerability exists in the Cisco Discovery Protocol (CDP) subsystem of Cisco NX-OS Software, potentially allowing an unauthenticated, adjacent attacker to induce a denial of service (DoS) condition. This vulnerability arises from improper validation of fields within a CDP message during processing. An attacker capable of sending a specially crafted CDP message can trigger this vulnerability, leading to a device restart, resulting in disrupted services. Affected devices include a range of Cisco hardware from Firepower Series to Nexus and UCS systems.

Affected Version(s)

Cisco FXOS, NX-OS, and UCS Manager unknown Cisco FXOS, NX-OS, and UCS Manager unknown

References

https://tools.cisco.com/security/center/content/CiscoSecu...

x_refsource_CONFIRM

http://www.securitytracker.com/id/1041169

vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 21, 2018
Vulnerability Reserved
Nov 27, 2017