CVE-2018-0298
21.06.2018, 11:29
A vulnerability in the web UI of Cisco FXOS and Cisco UCS Fabric Interconnect Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected system. The vulnerability is due to incorrect input validation in the web UI. An attacker could exploit this vulnerability by sending a malicious HTTP or HTTPS packet directed to the physical management interface of an affected system. A successful exploit could allow the attacker to cause the process to crash and possibly reload the device, resulting in a denial of service (DoS) condition on the affected system. This vulnerability affects Firepower 4100 Series Next-Generation Firewall, Firepower 9300 Security Appliance, UCS 6200 Series Fabric Interconnects, UCS 6300 Series Fabric Interconnects. Cisco Bug IDs: CSCvb61398, CSCvb86799.Enginsight
| Vendor | Product | Version |
|---|---|---|
| cisco | nx-os | 3.0\(2\) ≤ 𝑥 < 3.1\(3a\)a |
| cisco | firepower_extensible_operating_system | 1.1 ≤ 𝑥 < 1.1.4.169 |
| cisco | firepower_extensible_operating_system | 2.0 ≤ 𝑥 < 2.0.1.135 |
| cisco | firepower_extensible_operating_system | 1.1 ≤ 𝑥 < 1.1.4.179 |
| cisco | firepower_extensible_operating_system | 2.0 ≤ 𝑥 < 2.0.1.153 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-20 - Improper Input ValidationThe product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory BufferThe software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.