SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Device (Router/Bridge/Hub)  >   Cisco NX-OS Vendors:   Cisco
Cisco NX-OS Multiple Bugs Let Remote Users Deny Service and Execute Arbitrary Code and Let Remote Authenticated Users Gain Elevated Privileges
SecurityTracker Alert ID:  1041169
SecurityTracker URL:  http://securitytracker.com/id/1041169
CVE Reference:   CVE-2018-0291, CVE-2018-0292, CVE-2018-0293, CVE-2018-0294, CVE-2018-0295, CVE-2018-0299, CVE-2018-0300, CVE-2018-0301, CVE-2018-0303, CVE-2018-0304, CVE-2018-0305, CVE-2018-0306, CVE-2018-0307, CVE-2018-0308, CVE-2018-0309, CVE-2018-0310, CVE-2018-0311, CVE-2018-0312, CVE-2018-0313, CVE-2018-0314, CVE-2018-0330, CVE-2018-0331   (Links to External Site)
Date:  Jun 22 2018
Impact:   Denial of service via network, Disclosure of system information, Execution of arbitrary code via local system, Execution of arbitrary code via network, Modification of system information, Root access via local system, Root access via network, User access via local system, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   Multiple vulnerabilities were reported in Cisco NX-OS. A remote user can cause the target system to reload. A remote user can execute arbitrary code on the target system. A remote user can obtain potentially sensitive information. A remote authenticated user can gain elevated privileges.

A remote user on the local network can send specially crafted Cisco Discovery Protocol headers to trigger a buffer overflow and cause denial of service conditions or execute arbitrary code with root privileges on the target device [CVE-2018-0303].

A remote user can send specially crafted Cisco Fabric Services packets to the target device to trigger a buffer overflow or buffer overread and obtain potentially sensitive memory contents, cause denial of service conditions, or execute arbitrary code with root privileges on the target device [CVE-2018-0304].

A remote user can send specially crafted Cisco Fabric Services packets to trigger a null pointer dereference and cause denial of service conditions [CVE-2018-0305].

A remote user can send specially crafted Cisco Fabric Services packets to the target device to trigger a buffer overflow and cause denial of service conditions or execute arbitrary code on the target device [CVE-2018-0308].

A remote user can send specially crafted Cisco Fabric Services packets to the target device to trigger a buffer overflow and execute arbitrary code on the target device [CVE-2018-0314].

A remote authenticated user can send multiple specially crafted command line interface (CLI) commands or send a specially crafted SNMP poll request for a specific Object Identifier (OID) to trigger a memory free error and consume all available system memory, causing the device to reset or restart [CVE-2018-0309].

A remote authenticated user can send a specially crafted SNMP poll request to cause the target device to reload [CVE-2018-0299].

A remote authenticated user can send a specially crafted packet to the management interface to trigger an input validation flaw in the NX-API and execute arbitrary commands with root privileges [CVE-2018-0313]. Systems with NX-API enabled are affected.

A local user can supply specially crafted command arguments via the CLI to trigger an input validation flaw and execute arbitrary commands with root privileges on the target system [CVE-2018-0306]. Systems with one or more feature licenses uploaded to the device are affected [even if the license is not used].

A remote user can send specially crafted Cisco Fabric Services packet headers to trigger a buffer overread and obtain potentially sensitive information from memory or cause denial of service conditions on the target system [CVE-2018-0310].

A remote user can send specially crafted Cisco Fabric Services packet headers to trigger a buffer overflow and cause denial of service conditions on the target system [CVE-2018-0311].

A remote user can send a specially crafted HTTP or HTTPS packet to the management interface to trigger a buffer overflow in the NX-API and execute arbitrary code with root privileges [CVE-2018-0301]. Systems with NX-API enabled are affected.

A remote user on the local network can send a specially crafted Cisco Discovery Protocol message to trigger an input validation flaw and cause the target device to restart [CVE-2018-0331].

A remote authenticated user can send a specially crafted packet to the management interface to trigger an input validation flaw in the NX-API to bypass NX-OS role assignment and execute arbitrary commands with elevated privileges [CVE-2018-0330].

A local user can issue specially crafted CLI commands to execute arbitrary arbitrary commands on the target device [CVE-2018-0337].

A local user can exploit a flaw in the write-erase feature to configure an unauthorized account with administrator privileges that will not appear in the running configuration or the audit logs [CVE-2018-0294].

A remote user that can send packets that appear to originate from a trusted Border Gateway Protocol (BGP) peer can send a specially crafted BGP update message to the target device to cause the target device to reload [CVE-2018-0295].

A remote user on the local network can send specially crafted Internet Group Management Protocol (IGMP) packets to trigger a buffer overflow in the IGMP Snooping component and cause the system to reload or execute arbitrary code [CVE-2018-0292].

A remote authenticated non-administrative user can supply specially crafted CLI commands to exploit a role-based access control (RBAC) flaw and execute administrative commands to modify the configuration or boot image on the target device [CVE-2018-0293].

A remote authenticated user can send a specially crafted SNMP packet to the target device to trigger a protocol data unit validation flaw and cause the target device to restart [CVE-2018-0291].

A local user can supply specially crafted CLI command arguments to exploit an input validation flaw and execute arbitrary commands with root privileges [CVE-2018-0307]. On systems that support multiple virtual device contexts (VDC), this can be exploited to access arbitrary files from any VDC.

Impact:   A remote user can cause the target system to reload.

A remote user can obtain potentially sensitive information.

A remote user can execute arbitrary code on the target system.

A local or remote authenticated user can gain elevated privileges on the target system.

Solution:   The vendor has issued a fix.

The vendor advisories are available at:

https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-67770
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nxossnmp
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nxosigmp
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nxosrbac
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nxosadmin
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nxosbgp
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-fxos-dos
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-n4k-snmp-dos
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-firepwr-pt
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nxos-bo
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-fxnxos-ace
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-fx-os-fabric-dos
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nx-os-cli-execution
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nx-os-cli-injection
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-fxnxos-fab-ace
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-n3k-n9k-clisnmp
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nx-os-fabric-dos
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nx-os-fabric-services-dos
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-fx-os-cli-execution
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nx-os-api-execution
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-fx-os-fabric-execution
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nxos-nxapi
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nxos-cdp

Vendor URL:  tools.cisco.com/security/center/viewErp.x?alertId=ERP-67770 (Links to External Site)
Cause:   Access control error, Boundary error, Input validation error, State error

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC