CVE-2018-0302
Summary
| CVE | CVE-2018-0302 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-06-21 11:29:00 UTC |
| Updated | 2023-04-20 15:27:00 UTC |
| Description | A vulnerability in the CLI parser of Cisco FXOS Software and Cisco UCS Fabric Interconnect Software could allow an authenticated, local attacker to cause a buffer overflow on an affected device. The vulnerability is due to incorrect input validation in the CLI parser subsystem. An attacker could exploit this vulnerability by exceeding the expected length of user input. A successful exploit could allow the attacker to execute arbitrary code with root privileges on the affected system. This vulnerability affects Firepower 4100 Series Next-Generation Firewall, Firepower 9300 Security Appliance, UCS 6100 Series Fabric Interconnects, UCS 6200 Series Fabric Interconnects, UCS 6300 Series Fabric Interconnects. Cisco Bug IDs: CSCvb61099, CSCvb86743. |
Risk And Classification
Problem Types: CWE-119
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Cisco | Firepower 4110 | - | All | All | All |
| Hardware | Cisco | Firepower 4120 | - | All | All | All |
| Hardware | Cisco | Firepower 4140 | - | All | All | All |
| Hardware | Cisco | Firepower 4150 | - | All | All | All |
| Hardware | Cisco | Firepower 9300 Security Appliance | - | All | All | All |
| Operating System | Cisco | Firepower Extensible Operating System | All | All | All | All |
| Operating System | Cisco | Fxos | All | All | All | All |
| Operating System | Cisco | Nx-os | 3.1(1k)a | All | All | All |
| Hardware | Cisco | Ucs 6120xp | - | All | All | All |
| Hardware | Cisco | Ucs 6140xp | - | All | All | All |
| Hardware | Cisco | Ucs 6248up | - | All | All | All |
| Hardware | Cisco | Ucs 6296up | - | All | All | All |
| Hardware | Cisco | Ucs 6324 | - | All | All | All |
| Hardware | Cisco | Ucs 6332 | - | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Cisco FXOS Software and UCS Fabric Interconnect Arbitrary Code Execution Vulnerability | CONFIRM | tools.cisco.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.