cnvd - cnvd-2018-12386

CNVD-2018-12386

Vulnerability from cnvd - Published: 2018-06-30

Title

多款Cisco产品NX-OS Software拒绝服务漏洞

Description

Cisco Nexus 2000 Series Switches等都是美国思科（Cisco）公司的产品。Cisco Nexus 2000 Series Switches等都是交换机设备。Fabric Modules是一款交换机矩阵模块。NX-OS Software是运行在其中的一套交换机使用的数据中心级操作系统软件。Border Gateway Protocol（BGP）是其中的一个边界网络协议。多款Cisco产品中NX-OS Software的Border Gateway Protocol (BGP)实现存在输入验证漏洞，该漏洞源于程序未能对BGP更新消息执行完整的输入验证。远程攻击者可通过向目标设备发送特制的BGP更新消息利用该漏洞造成拒绝服务。

Severity

高

Patch Name

多款Cisco产品NX-OS Software拒绝服务漏洞的补丁

Patch Description

Formal description

厂商已发布漏洞修复程序，请及时关注更新： https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nxosbgp

Reference

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nxosbgp

Impacted products

Name
['Cisco Nexus 3000 Series Switche', 'Cisco Nexus 7000 series switches', 'Cisco Nexus 6000 Series Switches', 'Cisco Nexus 7700 Series Switches', 'Cisco Nexus 5600 Platform Switches', 'Cisco Nexus 5500 Platform Switches', 'Cisco Nexus 3500 Platform Switches', 'Cisco Nexus 9500 R-Series Line Cards and Fabric Modules', 'Cisco Nexus 3600 Platform Switches', 'Cisco Nexus 9000 Series Switches', 'Cisco Nexus 2000 Series Switches', 'Cisco Nexus 9000 Series Fabric Switches']

Name

['Cisco Nexus 3000 Series Switche', 'Cisco Nexus 7000 series switches', 'Cisco Nexus 6000 Series Switches', 'Cisco Nexus 7700 Series Switches', 'Cisco Nexus 5600 Platform Switches', 'Cisco Nexus 5500 Platform Switches', 'Cisco Nexus 3500 Platform Switches', 'Cisco Nexus 9500 R-Series Line Cards and Fabric Modules', 'Cisco Nexus 3600 Platform Switches', 'Cisco Nexus 9000 Series Switches', 'Cisco Nexus 2000 Series Switches', 'Cisco Nexus 9000 Series Fabric Switches']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-0295"
    }
  },
  "description": "Cisco Nexus 2000 Series Switches\u7b49\u90fd\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Cisco Nexus 2000 Series Switches\u7b49\u90fd\u662f\u4ea4\u6362\u673a\u8bbe\u5907\u3002Fabric Modules\u662f\u4e00\u6b3e\u4ea4\u6362\u673a\u77e9\u9635\u6a21\u5757\u3002NX-OS Software\u662f\u8fd0\u884c\u5728\u5176\u4e2d\u7684\u4e00\u5957\u4ea4\u6362\u673a\u4f7f\u7528\u7684\u6570\u636e\u4e2d\u5fc3\u7ea7\u64cd\u4f5c\u7cfb\u7edf\u8f6f\u4ef6\u3002Border Gateway Protocol\uff08BGP\uff09\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u8fb9\u754c\u7f51\u7edc\u534f\u8bae\u3002\r\n\r\n\u591a\u6b3eCisco\u4ea7\u54c1\u4e2dNX-OS Software\u7684Border Gateway Protocol (BGP)\u5b9e\u73b0\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u5bf9BGP\u66f4\u65b0\u6d88\u606f\u6267\u884c\u5b8c\u6574\u7684\u8f93\u5165\u9a8c\u8bc1\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u5411\u76ee\u6807\u8bbe\u5907\u53d1\u9001\u7279\u5236\u7684BGP\u66f4\u65b0\u6d88\u606f\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nxosbgp",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-12386",
  "openTime": "2018-06-30",
  "patchDescription": "Cisco Nexus 2000 Series Switches\u7b49\u90fd\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Cisco Nexus 2000 Series Switches\u7b49\u90fd\u662f\u4ea4\u6362\u673a\u8bbe\u5907\u3002Fabric Modules\u662f\u4e00\u6b3e\u4ea4\u6362\u673a\u77e9\u9635\u6a21\u5757\u3002NX-OS Software\u662f\u8fd0\u884c\u5728\u5176\u4e2d\u7684\u4e00\u5957\u4ea4\u6362\u673a\u4f7f\u7528\u7684\u6570\u636e\u4e2d\u5fc3\u7ea7\u64cd\u4f5c\u7cfb\u7edf\u8f6f\u4ef6\u3002Border Gateway Protocol\uff08BGP\uff09\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u8fb9\u754c\u7f51\u7edc\u534f\u8bae\u3002\r\n\r\n\u591a\u6b3eCisco\u4ea7\u54c1\u4e2dNX-OS Software\u7684Border Gateway Protocol (BGP)\u5b9e\u73b0\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u5bf9BGP\u66f4\u65b0\u6d88\u606f\u6267\u884c\u5b8c\u6574\u7684\u8f93\u5165\u9a8c\u8bc1\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u5411\u76ee\u6807\u8bbe\u5907\u53d1\u9001\u7279\u5236\u7684BGP\u66f4\u65b0\u6d88\u606f\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eCisco\u4ea7\u54c1NX-OS Software\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Cisco Nexus 3000 Series Switche",
      "Cisco Nexus 7000 series switches",
      "Cisco Nexus 6000 Series Switches",
      "Cisco Nexus 7700 Series Switches",
      "Cisco Nexus 5600 Platform Switches",
      "Cisco Nexus 5500 Platform Switches",
      "Cisco Nexus 3500 Platform Switches",
      "Cisco Nexus 9500 R-Series Line Cards and Fabric Modules",
      "Cisco Nexus 3600 Platform Switches",
      "Cisco Nexus 9000 Series Switches",
      "Cisco Nexus 2000 Series Switches",
      "Cisco Nexus 9000 Series Fabric Switches"
    ]
  },
  "referenceLink": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nxosbgp",
  "serverity": "\u9ad8",
  "submitTime": "2018-06-21",
  "title": "\u591a\u6b3eCisco\u4ea7\u54c1NX-OS Software\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}

CVE-2018-0295 (GCVE-0-2018-0295)

Vulnerability from cvelistv5 – Published: 2018-06-20 21:00 – Updated: 2024-11-29 15:02

Summary

A vulnerability in the Border Gateway Protocol (BGP) implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the device unexpectedly reloading. The vulnerability is due to incomplete input validation of the BGP update messages. An attacker could exploit this vulnerability by sending a crafted BGP update message to the targeted device. An exploit could allow the attacker to cause the switch to reload unexpectedly. The Cisco implementation of the BGP protocol only accepts incoming BGP traffic from explicitly defined peers. To exploit this vulnerability, an attacker must be able to send the malicious packets over a TCP connection that appears to come from a trusted BGP peer or inject malformed messages into the victim's BGP network. This would require obtaining information about the BGP peers in the affected system's trusted network. The vulnerability may be triggered when the router receives a malformed BGP message from a peer on an existing BGP session. At least one BGP neighbor session must be established for a router to be vulnerable. This vulnerability affects Nexus 2000 Series Switches, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 3600 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules. Cisco Bug IDs: CSCve79599, CSCve87784, CSCve91371, CSCve91387.

Severity ?

No CVSS data available.

CWE

CWE-20

Assigner

cisco

References

URL

Tags

	https://tools.cisco.com/security/center/content/C…	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1041169	vdb-entryx_refsource_SECTRACK

Impacted products

	Vendor	Product	Version
	n/a	Cisco NX-OS unknown	Affected: Cisco NX-OS unknown

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:21:15.489Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nxosbgp"
          },
          {
            "name": "1041169",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041169"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2018-0295",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-29T14:43:43.333193Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-29T15:02:09.803Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco NX-OS unknown",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Cisco NX-OS unknown"
            }
          ]
        }
      ],
      "datePublic": "2018-06-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the Border Gateway Protocol (BGP) implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the device unexpectedly reloading. The vulnerability is due to incomplete input validation of the BGP update messages. An attacker could exploit this vulnerability by sending a crafted BGP update message to the targeted device. An exploit could allow the attacker to cause the switch to reload unexpectedly. The Cisco implementation of the BGP protocol only accepts incoming BGP traffic from explicitly defined peers. To exploit this vulnerability, an attacker must be able to send the malicious packets over a TCP connection that appears to come from a trusted BGP peer or inject malformed messages into the victim\u0027s BGP network. This would require obtaining information about the BGP peers in the affected system\u0027s trusted network. The vulnerability may be triggered when the router receives a malformed BGP message from a peer on an existing BGP session. At least one BGP neighbor session must be established for a router to be vulnerable. This vulnerability affects Nexus 2000 Series Switches, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 3600 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules. Cisco Bug IDs: CSCve79599, CSCve87784, CSCve91371, CSCve91387."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-06-23T09:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nxosbgp"
        },
        {
          "name": "1041169",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1041169"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2018-0295",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco NX-OS unknown",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Cisco NX-OS unknown"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the Border Gateway Protocol (BGP) implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the device unexpectedly reloading. The vulnerability is due to incomplete input validation of the BGP update messages. An attacker could exploit this vulnerability by sending a crafted BGP update message to the targeted device. An exploit could allow the attacker to cause the switch to reload unexpectedly. The Cisco implementation of the BGP protocol only accepts incoming BGP traffic from explicitly defined peers. To exploit this vulnerability, an attacker must be able to send the malicious packets over a TCP connection that appears to come from a trusted BGP peer or inject malformed messages into the victim\u0027s BGP network. This would require obtaining information about the BGP peers in the affected system\u0027s trusted network. The vulnerability may be triggered when the router receives a malformed BGP message from a peer on an existing BGP session. At least one BGP neighbor session must be established for a router to be vulnerable. This vulnerability affects Nexus 2000 Series Switches, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 3600 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules. Cisco Bug IDs: CSCve79599, CSCve87784, CSCve91371, CSCve91387."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nxosbgp",
              "refsource": "CONFIRM",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nxosbgp"
            },
            {
              "name": "1041169",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1041169"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2018-0295",
    "datePublished": "2018-06-20T21:00:00",
    "dateReserved": "2017-11-27T00:00:00",
    "dateUpdated": "2024-11-29T15:02:09.803Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2018-12386

CVE-2018-0295 (GCVE-0-2018-0295)

Tags

Sightings

Nomenclature