Lucene search

CiscoCVE-2018-0302

HistoryJun 21, 2018 - 11:29 a.m.

CVE-2018-0302

2018-06-2111:29:00

CWE-119

CWE-20

cisco

web.nvd.nist.gov

cisco

fxos

ucs

vulnerability

buffer overflow

authenticated attacker

local attacker

cisco bug ids

nvd

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

5.1%

JSON

A vulnerability in the CLI parser of Cisco FXOS Software and Cisco UCS Fabric Interconnect Software could allow an authenticated, local attacker to cause a buffer overflow on an affected device. The vulnerability is due to incorrect input validation in the CLI parser subsystem. An attacker could exploit this vulnerability by exceeding the expected length of user input. A successful exploit could allow the attacker to execute arbitrary code with root privileges on the affected system. This vulnerability affects Firepower 4100 Series Next-Generation Firewall, Firepower 9300 Security Appliance, UCS 6100 Series Fabric Interconnects, UCS 6200 Series Fabric Interconnects, UCS 6300 Series Fabric Interconnects. Cisco Bug IDs: CSCvb61099, CSCvb86743.

Affected configurations

Nvd

Node

cisconx-osMatch3.1\(1k\)a

AND

ciscoucs_6120xpMatch-

ciscoucs_6140xpMatch-

ciscoucs_6248upMatch-

ciscoucs_6296upMatch-

ciscoucs_6324Match-

ciscoucs_6332Match-

Node

ciscofirepower_extensible_operating_systemRange1.1–1.1.4.169

ciscofirepower_extensible_operating_systemRange2.0–2.0.1.135

AND

ciscofirepower_4110Match-

ciscofirepower_4120Match-

ciscofirepower_4140Match-

ciscofirepower_4150Match-

Node

ciscofirepower_extensible_operating_systemRange1.1–1.1.4.169

ciscofirepower_extensible_operating_systemRange2.0–2.0.1.135

AND

ciscofirepower_9300_security_applianceMatch-

VendorProductVersionCPE
cisconx-os3.1(1k)acpe:2.3:o:cisco:nx-os:3.1\(1k\)a:*:*:*:*:*:*:*
ciscoucs_6120xp-cpe:2.3:h:cisco:ucs_6120xp:-:*:*:*:*:*:*:*
ciscoucs_6140xp-cpe:2.3:h:cisco:ucs_6140xp:-:*:*:*:*:*:*:*
ciscoucs_6248up-cpe:2.3:h:cisco:ucs_6248up:-:*:*:*:*:*:*:*
ciscoucs_6296up-cpe:2.3:h:cisco:ucs_6296up:-:*:*:*:*:*:*:*
ciscoucs_6324-cpe:2.3:h:cisco:ucs_6324:-:*:*:*:*:*:*:*
ciscoucs_6332-cpe:2.3:h:cisco:ucs_6332:-:*:*:*:*:*:*:*
ciscofirepower_extensible_operating_system*cpe:2.3:o:cisco:firepower_extensible_operating_system:*:*:*:*:*:*:*:*
ciscofirepower_4110-cpe:2.3:h:cisco:firepower_4110:-:*:*:*:*:*:*:*
ciscofirepower_4120-cpe:2.3:h:cisco:firepower_4120:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	nx-os	3.1(1k)a	cpe:2.3:o:cisco:nx-os:3.1\(1k\)a:::::::*
cisco	ucs_6120xp	-	cpe:2.3:h:cisco:ucs_6120xp:-:::::::*
cisco	ucs_6140xp	-	cpe:2.3:h:cisco:ucs_6140xp:-:::::::*
cisco	ucs_6248up	-	cpe:2.3:h:cisco:ucs_6248up:-:::::::*
cisco	ucs_6296up	-	cpe:2.3:h:cisco:ucs_6296up:-:::::::*
cisco	ucs_6324	-	cpe:2.3:h:cisco:ucs_6324:-:::::::*
cisco	ucs_6332	-	cpe:2.3:h:cisco:ucs_6332:-:::::::*
cisco	firepower_extensible_operating_system	*	cpe:2.3:o:cisco:firepower_extensible_operating_system::::::::
cisco	firepower_4110	-	cpe:2.3:h:cisco:firepower_4110:-:::::::*
cisco	firepower_4120	-	cpe:2.3:h:cisco:firepower_4120:-:::::::*

Rows per page:

1-10 of 131

CNA Affected

[
  {
    "product": "Cisco FXOS Software and UCS Fabric Interconnect unknown",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Cisco FXOS Software and UCS Fabric Interconnect unknown"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-fxos-ace

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

5.1%

JSON

Related for CVE-2018-0302