PT-2018-8740 · Cisco · Nexus 5500 Platform Switches+18

Published

2018-06-20

·

Updated

2019-10-09

·

CVE-2018-0305

CVSS v3.1

8.6

High

VectorAV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Cisco FXOS Software and Cisco NX-OS Software (affected versions not specified) Firepower 4100 Series Next-Generation Firewalls (affected versions not specified) Firepower 9300 Security Appliance (affected versions not specified) MDS 9000 Series Multilayer Switches (affected versions not specified) Nexus 2000 Series Fabric Extenders (affected versions not specified) Nexus 3000 Series Switches (affected versions not specified) Nexus 3500 Platform Switches (affected versions not specified) Nexus 5500 Platform Switches (affected versions not specified) Nexus 5600 Platform Switches (affected versions not specified) Nexus 6000 Series Switches (affected versions not specified) Nexus 7000 Series Switches (affected versions not specified) Nexus 7700 Series Switches (affected versions not specified) Nexus 9000 Series Switches in standalone NX-OS mode (affected versions not specified) Nexus 9500 R-Series Line Cards and Fabric Modules (affected versions not specified) UCS 6100 Series Fabric Interconnects (affected versions not specified) UCS 6200 Series Fabric Interconnects (affected versions not specified) UCS 6300 Series Fabric Interconnects (affected versions not specified)
Description: A vulnerability in the Cisco Fabric Services component could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. The vulnerability exists because the affected software insufficiently validates Cisco Fabric Services packets. An attacker could exploit this vulnerability by sending a crafted Cisco Fabric Services packet to an affected device. A successful exploit could allow the attacker to force a NULL pointer dereference and cause a DoS condition.
Recommendations: For all affected devices, update to the latest software version that addresses this vulnerability. As a temporary workaround, consider restricting access to the Cisco Fabric Services component until a patch is available. Avoid using the Cisco Fabric Services component in configurations where it is not necessary until the issue is resolved. There are no workarounds that address this vulnerability, so updating to the latest software version is the recommended course of action.

Fix

DoS

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

CVE-2018-0305

Affected Products

Cisco Fxos
Cisco Nx-Os
Cisco Nexus
Firepower 4100 Series Next-Generation Firewalls
Firepower 9300 Security Appliance
Mds 9000 Series Multilayer Switches
Nexus 2000 Series Fabric Extenders
Nexus 3000 Series Switches
Nexus 3500 Platform Switches
Nexus 5500 Platform Switches
Nexus 5600 Platform Switches
Nexus 6000 Series Switches
Nexus 7000 Series Switches
Nexus 7700 Series Switches
Nexus 9000 Series Switches
Nexus 9500 R-Series Line Cards/Fabric Modules
Ucs 6100 Series Fabric Interconnects
Ucs 6200 Series Fabric Interconnects
Ucs 6300 Series Fabric Interconnects