CVE-2018-0304

Name of the Vulnerable Software and Affected Versions: Cisco FXOS Software and Cisco NX-OS Software (affected versions not specified)

Description: A vulnerability in the Cisco Fabric Services component could allow an unauthenticated, remote attacker to read sensitive memory content, create a denial of service (DoS) condition, or execute arbitrary code as root. The vulnerability exists because the affected software insufficiently validates Cisco Fabric Services packet headers. An attacker could exploit this vulnerability by sending a crafted Cisco Fabric Services packet to an affected device. A successful exploit could allow the attacker to cause a buffer overflow or buffer overread condition in the Cisco Fabric Services component.

Recommendations: For Cisco FXOS Software and Cisco NX-OS Software, update to a version that includes the fix for this vulnerability, as software updates have been released by Cisco to address this issue. At the moment, there is no information about specific versions that contain a fix for this vulnerability.