CVE-2018-0337

EPSS 0.13%
Published 21.06.2018 11:29:00
Last modified 21.11.2024 03:38:00
Source psirt@cisco.com
Teams watchlist Login
Open Login

A vulnerability in the role-based access-checking mechanisms of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on an affected device. The vulnerability exists because the affected software lacks proper input and validation checks for certain file systems. An attacker could exploit this vulnerability by issuing crafted commands in the CLI of an affected device. A successful exploit could allow the attacker to cause other users to execute unwanted, arbitrary commands on the affected device. Cisco Bug IDs: CSCvd06339, CSCvd15698, CSCvd36108, CSCvf52921, CSCvf52930, CSCvf52953, CSCvf52976.

Affected products Warnungen 0 Metrics 3 CWE 2 References 4

Data is provided by the National Vulnerability Database (NVD)

Cisco ≫ Nx-os Version7.0(8)n1(1)

   Cisco ≫ Nexus 5000 Version-
   Cisco ≫ Nexus 5010 Version-
   Cisco ≫ Nexus 5020 Version-
   Cisco ≫ Nexus 5548p Version-
   Cisco ≫ Nexus 5548up Version-
   Cisco ≫ Nexus 5596t Version-
   Cisco ≫ Nexus 5596up Version-
   Cisco ≫ Nexus 56128p Version-
   Cisco ≫ Nexus 5624q Version-
   Cisco ≫ Nexus 5648q Version-
   Cisco ≫ Nexus 5672up Version-
   Cisco ≫ Nexus 5696q Version-

Cisco ≫ Nx-os Version7.1(4)n1(1)

Cisco ≫ Nx-os Version7.3(1)n1(0.6)

Cisco ≫ Nx-os Version7.3(2)n1(0.350)

Cisco ≫ Nx-os Version7.3(1)dx(0.119)

Cisco ≫ Nexus 7000 Version-
Cisco ≫ Nexus 7700 Version-

Cisco ≫ Nx-os Version7.3(3)d1(0.2)

Cisco ≫ Nexus 7000 Version-
Cisco ≫ Nexus 7700 Version-

Cisco ≫ Nx-os Version8.0(0.54)s0

Cisco ≫ Nexus 7000 Version-
Cisco ≫ Nexus 7700 Version-

Cisco ≫ Nx-os Version8.1(0)bd(0.20)

Cisco ≫ Nexus 7000 Version-
Cisco ≫ Nexus 7700 Version-

Cisco ≫ Nx-os Version8.1(0.9)

Cisco ≫ Nexus 7000 Version-
Cisco ≫ Nexus 7700 Version-

Cisco ≫ Nx-os Version8.2(0.4)s0

Cisco ≫ Nexus 7000 Version-
Cisco ≫ Nexus 7700 Version-

Cisco ≫ Nx-os Version8.3(0)spg(0.30)

Cisco ≫ Nexus 7000 Version-
Cisco ≫ Nexus 7700 Version-

Cisco ≫ Nx-os Version8.8(3.5)s0

Cisco ≫ Nexus 7000 Version-
Cisco ≫ Nexus 7700 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.13%	0.287

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nxos-rbaccess

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-0337

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-0337

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-0337

EUVD