A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition.
The vulnerability exists because the affected software insufficiently validates header values in Cisco Fabric Services packets. An attacker could exploit this vulnerability by sending a crafted Cisco Fabric Services packet to an affected device. A successful exploit could allow the attacker to cause a buffer overflow that could allow the attacker to execute arbitrary code or cause a DoS condition.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-fxnxos-fab-ace [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-fxnxos-fab-ace”]
This advisory is part of the June 2018 Cisco FXOS and NX-OS Software Security Advisory Collection, which includes 24 Cisco Security Advisories that describe 24 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: June 2018 Cisco FXOS and NX-OS Software Security Advisory Collection [“https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-67770”].
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | cisco_nx-os_software | 6.0(2)n1 | cpe:2.3:a:cisco:cisco_nx-os_software:6.0\(2\)n1:*:*:*:*:*:*:* |
cisco | cisco_nx-os_software | 6.0(2)n2 | cpe:2.3:a:cisco:cisco_nx-os_software:6.0\(2\)n2:*:*:*:*:*:*:* |
cisco | cisco_nx-os_software | 6.1(2)i1 | cpe:2.3:a:cisco:cisco_nx-os_software:6.1\(2\)i1:*:*:*:*:*:*:* |
cisco | cisco_nx-os_software | 6.1(2)i3 | cpe:2.3:a:cisco:cisco_nx-os_software:6.1\(2\)i3:*:*:*:*:*:*:* |
cisco | cisco_nx-os_software | 7.0 | cpe:2.3:a:cisco:cisco_nx-os_software:7.0:*:*:*:*:*:*:* |
cisco | cisco_nx-os_software | 7.0(2)i2 | cpe:2.3:a:cisco:cisco_nx-os_software:7.0\(2\)i2:*:*:*:*:*:*:* |
cisco | cisco_nx-os_software | 7.0(2)n1 | cpe:2.3:a:cisco:cisco_nx-os_software:7.0\(2\)n1:*:*:*:*:*:*:* |
cisco | cisco_nx-os_software | 7.0(6)n1 | cpe:2.3:a:cisco:cisco_nx-os_software:7.0\(6\)n1:*:*:*:*:*:*:* |
cisco | cisco_nx-os_software | 7.1(0)n1 | cpe:2.3:a:cisco:cisco_nx-os_software:7.1\(0\)n1:*:*:*:*:*:*:* |
cisco | cisco_nx-os_software | 7.1(3)n1 | cpe:2.3:a:cisco:cisco_nx-os_software:7.1\(3\)n1:*:*:*:*:*:*:* |