CVE-2018-0298

A vulnerability in the web UI of Cisco FXOS and Cisco UCS Fabric Interconnect Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected system. The vulnerability is due to incorrect input validation in the web UI. An attacker could exploit this vulnerability by sending a malicious HTTP or HTTPS packet directed to the physical management interface of an affected system. A successful exploit could allow the attacker to cause the process to crash and possibly reload the device, resulting in a denial of service (DoS) condition on the affected system. This vulnerability affects Firepower 4100 Series Next-Generation Firewall, Firepower 9300 Security Appliance, UCS 6200 Series Fabric Interconnects, UCS 6300 Series Fabric Interconnects. Cisco Bug IDs: CSCvb61398, CSCvb86799.
Configurations

Configuration 1

AND
cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*
OR cpe:2.3:h:cisco:ucs_6120xp:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ucs_6140xp:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ucs_6248up:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ucs_6296up:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ucs_6324:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ucs_6332:-:*:*:*:*:*:*:*

Configuration 2

AND
OR cpe:2.3:o:cisco:firepower_extensible_operating_system:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:firepower_extensible_operating_system:*:*:*:*:*:*:*:*
OR cpe:2.3:h:cisco:firepower_4110:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:firepower_4120:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:firepower_4140:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:firepower_4150:-:*:*:*:*:*:*:*

Configuration 3

AND
OR cpe:2.3:o:cisco:firepower_extensible_operating_system:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:firepower_extensible_operating_system:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:firepower_9300_security_appliance:-:*:*:*:*:*:*:*

History

21 Nov 2024, 03:37

Type Values Removed Values Added
References () https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-fxos-dos - Vendor Advisory () https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-fxos-dos - Vendor Advisory

Information

Published : 2018-06-21 11:29

Updated : 2024-11-21 03:37


NVD link : CVE-2018-0298

Mitre link : CVE-2018-0298

CVE.ORG link : CVE-2018-0298


Products Affected

cisco

  • ucs_6140xp
  • ucs_6120xp
  • firepower_extensible_operating_system
  • firepower_4110
  • ucs_6296up
  • firepower_9300_security_appliance
  • nx-os
  • ucs_6332
  • firepower_4150
  • firepower_4140
  • ucs_6248up
  • firepower_4120
  • ucs_6324
CWE
CWE-20

Improper Input Validation

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer