Cisco NX-OS NX-API Subsystem access control

Summaryinfo

A vulnerability marked as critical has been reported in Cisco NX-OS. The impacted element is an unknown function of the component NX-API Subsystem. The manipulation leads to access control. This vulnerability is listed as CVE-2018-0330. The attack may be initiated remotely. There is no available exploit. It is suggested to upgrade the affected component.

Detailsinfo

A vulnerability was found in Cisco NX-OS (Router Operating System) (the affected version is unknown). It has been rated as critical. This issue affects an unknown code of the component NX-API Subsystem. The manipulation with an unknown input leads to a access control vulnerability. Using CWE to declare the problem leads to CWE-264. Impacted is confidentiality, integrity, and availability. The summary by CVE is:

A vulnerability in the NX-API management application programming interface (API) in devices running, or based on, Cisco NX-OS Software could allow an authenticated, remote attacker to execute commands with elevated privileges. The vulnerability is due to a failure to properly validate certain parameters included within an NX-API request. An attacker that can successfully authenticate to the NX-API could submit a request designed to bypass NX-OS role assignment. A successful exploit could allow the attacker to execute commands with elevated privileges. This vulnerability affects the following if configured to use the NX-API feature: MDS 9000 Series Multilayer Switches, Nexus 2000 Series Switches, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode. Cisco Bug IDs: CSCvc73177, CSCve40903, CSCve40911.

The bug was discovered 06/20/2018. The weakness was presented 06/20/2018 as cisco-sa-20180620-nxos-nxapi / CSCve40911 as confirmed advisory (Website). The advisory is shared at tools.cisco.com. The identification of this vulnerability is CVE-2018-0330 since 11/27/2017. The attack may be initiated remotely. A simple authentication is needed for exploitation. Neither technical details nor an exploit are publicly available. MITRE ATT&CK project uses the attack technique T1068 for this issue.

The vulnerability scanner Nessus provides a plugin with the ID 110688 (Cisco NX-OS NXAPI Multiple Vulnerabilities.), which helps to determine the existence of the flaw in a target environment. It is assigned to the family CISCO and running in the context c. The commercial vulnerability scanner Qualys is able to test this issue with plugin 316291 (Cisco NX-OS Software NX-API Privilege Escalation Vulnerability(cisco-sa-20180620-nxos-nxapi)).

Upgrading eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability.

The vulnerability is also documented in the vulnerability database at Tenable (110688). See VDB-119747 and VDB-119774 for similar entries. Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Productinfo

Type

• Router Operating System

Vendor

• Cisco

Name

• NX-OS

License

• commercial

Website

• Vendor: https://www.cisco.com/

CPE 2.3info

• 🔍

CPE 2.2info

• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Discussion