CVE-2018-0395

A vulnerability in the Link Layer Discovery Protocol (LLDP) implementation for Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition when the device unexpectedly reloads. The vulnerability is due to improper input validation of certain type, length, value (TLV) fields of the LLDP frame header. An attacker could exploit this vulnerability by sending a crafted LLDP packet to an interface on the targeted device. A successful exploit could allow the attacker to cause the switch to reload unexpectedly.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:cisco:nx-os:6.0\(4\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:nx-os:6.1\(3\)s2:*:*:*:*:*:*:*
OR cpe:2.3:h:cisco:nexus_7000_10-slot:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_7000_18-slot:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_7000_4-slot:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_7000_9-slot:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_7700_10-slot:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_7700_18-slot:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_7700_2-slot:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_7700_6-slot:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:o:cisco:firepower_extensible_operating_system:r231:*:*:*:*:*:*:*
cpe:2.3:o:cisco:nx-os:r231:*:*:*:*:*:*:*
cpe:2.3:h:cisco:firepower_9300:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:cisco:nx-os:12.3\(1e\):*:*:*:*:*:*:*
cpe:2.3:h:cisco:firepower_9300:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:cisco:nx-os:3.2\(3d\)c:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ucs:-:*:*:*:*:*:*:*

History

21 Nov 2024, 03:38

Type Values Removed Values Added
CVSS v2 : 2.9
v3 : 5.3
v2 : 2.9
v3 : 8.8
References () http://www.securityfocus.com/bid/105674 - Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/105674 - Third Party Advisory, VDB Entry
References () http://www.securitytracker.com/id/1041919 - Third Party Advisory, VDB Entry () http://www.securitytracker.com/id/1041919 - Third Party Advisory, VDB Entry
References () https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-fxnx-os-dos - Vendor Advisory () https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-fxnx-os-dos - Vendor Advisory

Information

Published : 2018-10-17 19:29

Updated : 2024-11-21 03:38


NVD link : CVE-2018-0395

Mitre link : CVE-2018-0395

CVE.ORG link : CVE-2018-0395


JSON object : View

Products Affected

cisco

  • nexus_7700_18-slot
  • firepower_extensible_operating_system
  • nexus_7000_9-slot
  • nexus_7700_6-slot
  • nx-os
  • nexus_7700_10-slot
  • nexus_7000_4-slot
  • nexus_7700_2-slot
  • firepower_9300
  • ucs
  • nexus_7000_18-slot
  • nexus_7000_10-slot
CWE
CWE-20

Improper Input Validation