You are here
Home > Preporuke > Ranjivosti u Cisco FXOS i NX-OS sistemskom softveru

Ranjivosti u Cisco FXOS i NX-OS sistemskom softveru

  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: CIS

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

Cisco Security Advisory: Cisco FXOS and NX-OS Software Cisco Fabric Services Denial of Service Vulnerability

Advisory ID: cisco-sa-20180620-nx-os-fabric-services-dos

Revision: 1.0

For Public Release: 2018 June 20 16:00 GMT

Last Updated: 2018 June 20 16:00 GMT

CVE ID(s): CVE-2018-0311

CVSS Score v(3): 8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

+———————————————————————

Summary

=======

A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

The vulnerability exists because the affected software insufficiently validates Cisco Fabric Services packets when the software processes packet data. An attacker could exploit this vulnerability by sending a maliciously crafted Cisco Fabric Services packet to an affected device. A successful exploit could allow the attacker to cause a buffer overflow condition on the device, which could cause process crashes and result in a DoS condition on the device.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nx-os-fabric-services-dos [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nx-os-fabric-services-dos”]

This advisory is part of the June 2018 Cisco FXOS and NX-OS Software Security Advisory Collection, which includes 24 Cisco Security Advisories that describe 24 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: June 2018 Cisco FXOS and NX-OS Software Security Advisory Collection [“https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-67770”].

—–BEGIN PGP SIGNATURE—–

iQJ5BAEBAgBjBQJbKnqyXBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50
IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly
dEBjaXNjby5jb20+AAoJEJa12PPJBfczKlsQAMhocA4TXiBkVWLnuOrqd+NWl3ND
hLU/CtdPXjjfwg8ifYtszjP3z6/7eVZUzePyxwT4MZykK1oRdaYR7vq+mDrn+wBj
W4P7CmgWfDsp+eDyZbygzB+OJGo1toCSNdic3yNZJy6I1ZYL5QaQsxU5NMoeuAP9
KZunZBPbUnHvfrvRxnyS3k8y1AaRwBolGgOsd25Er/7jbyvg3Lx7/qSxLPcjCEsS
v4+36iJqV3HGt8U7l0SW/o0Z5i70GmBzvtBXvbC0TUwZOt7L/htT1w+1WtJqIloS
fiPHVO6/TkOlobWOdRnmcFhKbSxjJc54Bi2IPUWIgRcsKqlmNsldvTFjE/NGAl5X
0NRF6+l7/6RpZ14NuHzBaPCwZwoSVNEJYzkVB7wviRGoAw3LUJeM4iIzNDJeaQcg
yLpJg/+Beh1PhR/dtatUmRetwqXxwDslg1HS7SblXr+Tge+FwpleWqqyAZ8FZbrm
fgPzyb6v0Uzhdr72EYUQUOoLa2PXUYIxSL2Zg2xqdQh3Hya64ANZbklJHxMP5RyY
heNg943SkeFoKVZP0i1MuTav6wdGr3uJK9Fqvkdxgf/yc90HpEEMI9tDznYJFWcb
g81jSpNyAddf0tsYJkpAbfp9/XqcblBgXvlDmaKaEAIkMkJtItxVDEbk5ZLUAErB
UWE+ey5aTwdU1Tr+
=dSGG
—–END PGP SIGNATURE—–

_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

Cisco Security Advisory: Cisco FXOS and NX-OS Software Cisco Fabric Services Denial of Service Vulnerability

Advisory ID: cisco-sa-20180620-nx-os-fabric-dos

Revision: 1.0

For Public Release: 2018 June 20 16:00 GMT

Last Updated: 2018 June 20 16:00 GMT

CVE ID(s): CVE-2018-0310

CVSS Score v(3): 8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

+———————————————————————

Summary

=======

A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to obtain sensitive information from memory or cause a denial of service (DoS) condition on the affected product.

The vulnerability exists because the affected software insufficiently validates header values in Cisco Fabric Services packets. An attacker could exploit this vulnerability by sending a crafted Cisco Fabric Services packet to an affected device. A successful exploit could allow the attacker to cause a buffer overread condition, which could allow the attacker to obtain sensitive information from memory or cause a DoS condition on the affected product.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nx-os-fabric-dos [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nx-os-fabric-dos”]

This advisory is part of the June 2018 Cisco FXOS and NX-OS Software Security Advisory Collection, which includes 24 Cisco Security Advisories that describe 24 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: June 2018 Cisco FXOS and NX-OS Software Security Advisory Collection [“https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-67770”].

—–BEGIN PGP SIGNATURE—–

iQJ5BAEBAgBjBQJbKnqvXBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50
IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly
dEBjaXNjby5jb20+AAoJEJa12PPJBfczc/oQAL1IFeiENl514mY5D3lrIU2kVTN9
R4E1cq9RTfGlxrtWv9efkG6WelEek9Z57DhBTG5CFXxBDL+YC1cOguojHn+3ohGb
aojBV3pTRatBXtv4Z8CnYVwib/Ay0J8YRqUGFfH2IcCpCNe2hChGhczAm2l9l7L1
d+AUBP9RNoYWc1XyWedioiDA6VQKPl/LortAONui5QLufiZWEpw9U8xzoH7Nd4uF
uPz+5ji0NdelRxx+OYL4D/2gML+4p8HTA0Bd/+U2XnKMCPO23pGtOyf/xBxPoxb7
Jg5JaMeFNkl9R5QwamqEad+nTtFF76Z8GB5R81ud/r3UWIyo7Pyvh/H2ba/mciCN
ZlYIQX2mN8kKH/a1HCkTEXwys6ohJ2CsAY0E2ivzTaFgjICM7iI+6e3lS8MJC0lg
WWvT5Fpn8kmoZwgXCgi/y84/wX96JmJT0RRi8/9TzdfYZuiQxSyBb8M9cHGs+EZC
xBeEXs19WgapptPi2XXJphkprSUNUtxOHaMnOYMYzxz9lmaB+AFWBSlPZwDAby6e
ve/4g0xO5pnPhzD2qjG236mjEGhP13uLJnE7BpUksPLKlcq4I2K2inDdxxI8z06U
Sgib5SZ+ZDEpI7PQ4vGJLe2XdQcrCWmk6dJYFaOQ9JXEYXdbCSIr6wLEzqmDuI8T
V7cS/jLtAnU1iOqV
=dt4c
—–END PGP SIGNATURE—–

_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

Cisco Security Advisory: Cisco FXOS and NX-OS Software Cisco Fabric Services Denial of Service Vulnerability

Advisory ID: cisco-sa-20180620-fx-os-fabric-dos

Revision: 1.0

For Public Release: 2018 June 20 16:00 GMT

Last Updated: 2018 June 20 16:00 GMT

CVE ID(s): CVE-2018-0305

CVSS Score v(3): 8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

+———————————————————————

Summary

=======

A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device.

The vulnerability exists because the affected software insufficiently validates Cisco Fabric Services packets. An attacker could exploit this vulnerability by sending a crafted Cisco Fabric Services packet to an affected device. A successful exploit could allow the attacker to force a NULL pointer dereference and cause a DoS condition.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-fx-os-fabric-dos [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-fx-os-fabric-dos”]

This advisory is part of the June 2018 Cisco FXOS and NX-OS Software Security Advisory Collection, which includes 24 Cisco Security Advisories that describe 24 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: June 2018 Cisco FXOS and NX-OS Software Security Advisory Collection [“https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-67770”].

—–BEGIN PGP SIGNATURE—–

iQJ5BAEBAgBjBQJbKnqgXBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50
IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly
dEBjaXNjby5jb20+AAoJEJa12PPJBfczyb4P/02dgJVts44Lya8BKUSBqQkyQdW5
HAoi8hdz5uT0WAZKvGnJVwr7UwlXWQ6kaegN4STzykGSQ6woP46YPSudHqH6wqaf
NL8y+hIe5u8ARrPP1z5qV3enkx6WiL0YcnnYbM4mby4nZOEaQ48kN+IZMIGcshJ5
wV6GPVuaB4m0aDdswKCWSEzrZkFXlQWXcapyIjBS45Fl0RgnkXNRvOgt8h6GQHoq
DDPJ1Jzihb0vt+epYRdHJoA3m3cosuhzuVpH3oYNoeS7eyykIbXYpVjI9zdCVCKb
tUAeh4omW9BjGBaxRBmPNyg0JZcGsCO5If1tkt2DStYydoGudU/R64ln3ibBQGZN
XtaQTNzq7xuY/rIdV0JvLxZf9WnmYMd1UF/5N193tQVGf26MK5/u7hUTqRW1ellh
643doa4KrvjM8+1z+gRzDBkZJOg8GmrHqyVh91ttuJp9zbzgj/yG47xdo5I7EBIl
ZxtUORFmFi9Z04Yb9YJqsuUU6YXSOsAEuenTh3aVVHQUSSHeh6dupU67nMJG01p5
UVa2GV6FV+c2VQga9tgnSlxtwCyA/uMemhjgp4CbAgUUbwTO8OFRlzvl2kJvVyDl
QZNgCF3B9vsMZT79butS+lgwn/jPW78E08j6wNNsI4TfJ9TPwWa/PrJrPt5+Eznf
jvmnK/IWBrO/Z/He
=RlsR
—–END PGP SIGNATURE—–

_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com

AutorPetar Bertok
Cert idNCERT-REF-2018-06-0001-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
IzvorAdobe
Top
More in Preporuke
Ranjivosti u Cisco FXOS i NX-OS sistemskom softveru

Otkrivena je ranjivost u Cisco Fabric Services (CFS) komponenti u Cisco FXOS i NX-OS sistemskom softveru. Ranjivost se događa jer...

Close