Cisco FXOS/NX-OS Fabric Services Packet resource management

Summaryinfo

A vulnerability, which was classified as critical, was found in Cisco FXOS and NX-OS. This issue affects some unknown processing of the component Fabric Services. The manipulation as part of Packet results in resource management. This vulnerability is reported as CVE-2018-0310. The attack can be launched remotely. No exploit exists. You should upgrade the affected component.

Detailsinfo

A vulnerability classified as critical has been found in Cisco FXOS and NX-OS (Router Operating System) (affected version not known). Affected is some unknown functionality of the component Fabric Services. The manipulation as part of a Packet leads to a resource management vulnerability. CWE is classifying the issue as CWE-399. This is going to have an impact on confidentiality, integrity, and availability. CVE summarizes:

A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to obtain sensitive information from memory or cause a denial of service (DoS) condition on the affected product. The vulnerability exists because the affected software insufficiently validates header values in Cisco Fabric Services packets. An attacker could exploit this vulnerability by sending a crafted Cisco Fabric Services packet to an affected device. A successful exploit could allow the attacker to cause a buffer overread condition, which could allow the attacker to obtain sensitive information from memory or cause a DoS condition on the affected product. This vulnerability affects Firepower 4100 Series Next-Generation Firewalls, Firepower 9300 Security Appliance, MDS 9000 Series Multilayer Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, UCS 6100 Series Fabric Interconnects, UCS 6200 Series Fabric Interconnects, UCS 6300 Series Fabric Interconnects. Cisco Bug IDs: CSCvd69957, CSCve02435, CSCve04859, CSCve41536, CSCve41538, CSCve41559.

The bug was discovered 06/20/2018. The weakness was disclosed 06/21/2018 as cisco-sa-20180620-nx-os-fabric / CSCve41559 as confirmed advisory (Website). The advisory is shared for download at tools.cisco.com. This vulnerability is traded as CVE-2018-0310 since 11/27/2017. It is possible to launch the attack remotely. The exploitation doesn't require any form of authentication. There are neither technical details nor an exploit publicly available.

The vulnerability scanner Nessus provides a plugin with the ID 110687 (Cisco NX-OS Cisco Fabric Services Multiple Vulnerabilities.), which helps to determine the existence of the flaw in a target environment. It is assigned to the family CISCO and running in the context c. The commercial vulnerability scanner Qualys is able to test this issue with plugin 316294 (Cisco FXOS and NX-OS Software Cisco Fabric Services Denial of Service Vulnerability(cisco-sa-20180620-nx-os-fabric-dos)).

Upgrading eliminates this vulnerability. A possible mitigation has been published before and not just after the disclosure of the vulnerability.

The vulnerability is also documented in the vulnerability database at Tenable (110687). The entries VDB-119748, VDB-119750, VDB-119751 and VDB-119752 are pretty similar. Once again VulDB remains the best source for vulnerability data.

Productinfo

Type

• Router Operating System

Vendor

• Cisco

Name

• FXOS
• NX-OS

License

• commercial

Website

• Vendor: https://www.cisco.com/

CPE 2.3info

• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Once again VulDB remains the best source for vulnerability data.

Discussion