CVE-2018-0295

{"id": "CVE-2018-0295", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2018-06-20T21:29:00.437", "references": [{"url": "http://www.securitytracker.com/id/1041169", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nxosbgp", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}, {"type": "Secondary", "source": "ykramarz@cisco.com", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the Border Gateway Protocol (BGP) implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the device unexpectedly reloading. The vulnerability is due to incomplete input validation of the BGP update messages. An attacker could exploit this vulnerability by sending a crafted BGP update message to the targeted device. An exploit could allow the attacker to cause the switch to reload unexpectedly. The Cisco implementation of the BGP protocol only accepts incoming BGP traffic from explicitly defined peers. To exploit this vulnerability, an attacker must be able to send the malicious packets over a TCP connection that appears to come from a trusted BGP peer or inject malformed messages into the victim's BGP network. This would require obtaining information about the BGP peers in the affected system's trusted network. The vulnerability may be triggered when the router receives a malformed BGP message from a peer on an existing BGP session. At least one BGP neighbor session must be established for a router to be vulnerable. This vulnerability affects Nexus 2000 Series Switches, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 3600 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules. Cisco Bug IDs: CSCve79599, CSCve87784, CSCve91371, CSCve91387."}, {"lang": "es", "value": "Una vulnerabilidad en la implementaci\u00f3n BGP (Border Gateway Protocol) en el software Cisco NX-OS podr\u00eda permitir que un atacante remoto sin autenticar provoque una denegaci\u00f3n de servicio (DoS) debido a que el dispositivo se recarga inesperadamente. Esta vulnerabilidad se debe a la validaci\u00f3n de entrada incompleta de los mensajes de actualizaci\u00f3n de BGP. Un atacante podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de un mensaje de actualizaci\u00f3n de BGP manipulado al dispositivo objetivo. Su explotaci\u00f3n podr\u00eda permitir que el atacante provoque el reinicio inesperado del switch. La implementaci\u00f3n de Cisco del protocolo BGP solo acepta el tr\u00e1fico BGP entrante desde peers definidos de forma expl\u00edcita. Para explotar esta vulnerabilidad, un atacante debe ser capaz de enviar paquetes maliciosos por una conexi\u00f3n TCP que parece provenir de un peer BGP de confianza o inyectar mensajes mal formados en la red BGP de la v\u00edctima. Esto requerir\u00eda la obtenci\u00f3n de informaci\u00f3n sobre los peers BGP en la red de confianza del sistema afectado. La vulnerabilidad podr\u00eda desencadenarse cuando el router recibe un mensaje BGP mal formado desde un peer o una sesi\u00f3n BGP existente. Debe establecerse, por lo menos, una sesi\u00f3n BGP vecina para que un router sea vulnerable. La vulnerabilidad afecta a Nexus 2000 Series Switches, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 3600 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Fabric Switches en modo Application Centric Infrastructure (ACI), Nexus 9000 Series Switches en modo NX-OS independiente y los m\u00f3dulos Line Cards y Fabric de Nexus 9500 R-Series. Cisco Bug IDs: CSCve79599, CSCve87784, CSCve91371, CSCve91387."}], "lastModified": "2019-10-09T23:31:40.660", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D75479AD-9847-497C-9438-AA82D91B6F71", "versionEndExcluding": "7.3\\(3\\)n1\\(1\\)", "versionStartIncluding": "6.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:nexus_5000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4F2B1E07-8519-4F58-9048-81ABA12E01DC"}, {"criteria": "cpe:2.3:h:cisco:nexus_5010:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E275D31F-4FA1-428E-AB4A-D2802FF0CF1A"}, {"criteria": "cpe:2.3:h:cisco:nexus_5020:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BA7F5823-41A8-47C8-A154-02C6C31EF76A"}, {"criteria": "cpe:2.3:h:cisco:nexus_5548p:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E5519EA9-1236-4F51-9974-E3FC1B26B5D2"}, {"criteria": "cpe:2.3:h:cisco:nexus_5548up:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CB0A3B06-8B25-4CD3-AFA9-5F928B1042F4"}, {"criteria": "cpe:2.3:h:cisco:nexus_5596t:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1766443C-1C5A-486E-A36F-D3045F364D78"}, {"criteria": "cpe:2.3:h:cisco:nexus_5596up:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DC4D4403-F93B-4CC8-B75F-7A5B03FEDD85"}, {"criteria": "cpe:2.3:h:cisco:nexus_56128p:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "ABB6E612-4246-4408-B3F6-B31E771F5ACB"}, {"criteria": "cpe:2.3:h:cisco:nexus_5624q:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "91B129B2-2B31-4DE0-9F83-CC6E0C8729A0"}, {"criteria": "cpe:2.3:h:cisco:nexus_5648q:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3CBD3CD0-B542-4B23-9C9D-061643BE44E8"}, {"criteria": "cpe:2.3:h:cisco:nexus_5672up:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A22A2647-A4C0-4681-BBC5-D95ADBAA0457"}, {"criteria": "cpe:2.3:h:cisco:nexus_5696q:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B2BB1A3A-668C-4B0D-8AC2-6B4758B3420B"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B6004E45-878B-4034-AD67-8D2CCB01E9B6", "versionEndExcluding": "8.1\\(2\\)", "versionStartIncluding": "6.2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:nexus_7000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "12180BEB-7F21-4FA7-ABD2-E9A8EA7340F3"}, {"criteria": "cpe:2.3:h:cisco:nexus_7700:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DD7A4B4B-3BB1-4A4D-911E-C4EEF01BBC45"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "93C9AFED-1347-4B0E-B031-AF5EA891B9BD", "versionEndExcluding": "7.0\\(3\\)i3"}, {"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "15C899EF-A64F-4FD8-851C-1D4E2929BAF4", "versionEndExcluding": "7.0\\(3\\)i7\\(1\\)", "versionStartIncluding": "7.0\\(3\\)i4"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:nexus_92160yc-x:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4283E433-7F8C-4410-B565-471415445811"}, {"criteria": "cpe:2.3:h:cisco:nexus_92304qc:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D5B2E4C1-2627-4B9D-8E92-4B483F647651"}, {"criteria": "cpe:2.3:h:cisco:nexus_9236c:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "11411BFD-3F4D-4309-AB35-A3629A360FB0"}, {"criteria": "cpe:2.3:h:cisco:nexus_9272q:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E663DE91-C86D-48DC-B771-FA72A8DF7A7C"}, {"criteria": "cpe:2.3:h:cisco:nexus_93108tc-ex:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A90184B3-C82F-4CE5-B2AD-97D5E4690871"}, {"criteria": "cpe:2.3:h:cisco:nexus_93120tx:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "07DE6F63-2C7D-415B-8C34-01EC05C062F3"}, {"criteria": "cpe:2.3:h:cisco:nexus_93128tx:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F423E45D-A6DD-4305-9C6A-EAB26293E53A"}, {"criteria": "cpe:2.3:h:cisco:nexus_93180yc-ex:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F70D81F1-8B12-4474-9060-B4934D8A3873"}, {"criteria": "cpe:2.3:h:cisco:nexus_9332pq:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "113772B6-E9D2-4094-9468-3F4E1A87D07D"}, {"criteria": "cpe:2.3:h:cisco:nexus_9372px:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4364ADB9-8162-451D-806A-B98924E6B2CF"}, {"criteria": "cpe:2.3:h:cisco:nexus_9372tx:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "49E0371B-FDE2-473C-AA59-47E1269D050F"}, {"criteria": "cpe:2.3:h:cisco:nexus_9396px:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1BC5293E-F2B4-46DC-85DA-167EA323FCFD"}, {"criteria": "cpe:2.3:h:cisco:nexus_9396tx:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EA022E77-6557-4A33-9A3A-D028E2DB669A"}, {"criteria": "cpe:2.3:h:cisco:nexus_9504:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "768BE390-5ED5-48A7-9E80-C4DE8BA979B1"}, {"criteria": "cpe:2.3:h:cisco:nexus_9508:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DDC2F709-AFBE-48EA-A3A2-DA1134534FB6"}, {"criteria": "cpe:2.3:h:cisco:nexus_9516:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7E02DC82-0D26-436F-BA64-73C958932B0A"}, {"criteria": "cpe:2.3:h:cisco:nexus_n9k-c9508-fm-r:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0FD46BDD-4755-46DD-9F83-B2B589B09417"}, {"criteria": "cpe:2.3:h:cisco:nexus_n9k-x9636c-r:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0603E231-14E0-4224-898F-ED61641F7403"}, {"criteria": "cpe:2.3:h:cisco:nexus_n9k-x9636q-r:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "FE3EB1F2-F964-4D4E-BDE7-8E6805105152"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "34CF5006-23A1-4B93-8AC6-D97ABB0C2F15", "versionEndExcluding": "7.0\\(3\\)i4"}, {"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DDF419AC-58CA-44DD-A036-F85AC8A7FC35", "versionEndExcluding": "7.0\\(3\\)i6\\(2\\)", "versionStartIncluding": "7.0\\(3\\)i5"}, {"criteria": "cpe:2.3:o:cisco:nx-os:7.0\\(3\\)i7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5DEBF467-C2E2-4ED9-8E8A-02E062E734D9"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:nexus_172tq-xl:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "38AC6D08-C547-44A3-AC77-A63DB58E4889"}, {"criteria": "cpe:2.3:h:cisco:nexus_3016:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "528ED62B-D739-4E06-AC64-B506FD73BBAB"}, {"criteria": "cpe:2.3:h:cisco:nexus_3048:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "FC2A6C31-438A-4CF5-A3F3-364B1672EB7D"}, {"criteria": "cpe:2.3:h:cisco:nexus_3064-32t:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "09AC2BAD-F536-48D0-A2F0-D4E290519EB6"}, {"criteria": "cpe:2.3:h:cisco:nexus_3064-t:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "65CB7F6D-A82B-4A31-BFAC-FF4A4B8DF9C1"}, {"criteria": "cpe:2.3:h:cisco:nexus_3064-x:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "ECC4FFCC-E886-49BC-9737-5B5BA2AAB14B"}, {"criteria": "cpe:2.3:h:cisco:nexus_3100-v:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A8FF2EC4-0C09-4C00-9956-A2A4A894F63D"}, {"criteria": "cpe:2.3:h:cisco:nexus_31128pq:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F4226DA0-9371-401C-8247-E6E636A116C3"}, {"criteria": "cpe:2.3:h:cisco:nexus_3132c-z:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7664666F-BCE4-4799-AEEA-3A73E6AD33F4"}, {"criteria": "cpe:2.3:h:cisco:nexus_3132q:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D3DBBFE9-835C-4411-8492-6006E74BAC65"}, {"criteria": "cpe:2.3:h:cisco:nexus_3132q-x:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C97C29EE-9426-4BBE-8D84-AB5FF748703D"}, {"criteria": "cpe:2.3:h:cisco:nexus_3132q-xl:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8F43B770-D96C-44EA-BC12-9F39FC4317B9"}, {"criteria": "cpe:2.3:h:cisco:nexus_3164q:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "FA782EB3-E8E6-4DCF-B39C-B3CBD46E4384"}, {"criteria": "cpe:2.3:h:cisco:nexus_3172pq:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CED628B5-97A8-4B26-AA40-BEC854982157"}, {"criteria": "cpe:2.3:h:cisco:nexus_3172pq-xl:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7BB9DD73-E31D-4921-A6D6-E14E04703588"}, {"criteria": "cpe:2.3:h:cisco:nexus_3172tq:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4532F513-0543-4960-9877-01F23CA7BA1B"}, {"criteria": "cpe:2.3:h:cisco:nexus_3172tq-32t:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0B43502B-FD53-465A-B60F-6A359C6ACD99"}, {"criteria": "cpe:2.3:h:cisco:nexus_3232c:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "652A2849-668D-4156-88FB-C19844A59F33"}, {"criteria": "cpe:2.3:h:cisco:nexus_3264c-e:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "24FBE87B-8A4F-43A8-98A3-4A7D9C630937"}, {"criteria": "cpe:2.3:h:cisco:nexus_3264q:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6ACD09AC-8B28-4ACB-967B-AB3D450BC137"}, {"criteria": "cpe:2.3:h:cisco:nexus_34180yc:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DC7286A7-780F-4A45-940A-4AD5C9D0F201"}, {"criteria": "cpe:2.3:h:cisco:nexus_3524-x:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "10F80A72-AD54-4699-B8AE-82715F0B58E2"}, {"criteria": "cpe:2.3:h:cisco:nexus_3524-xl:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9354B6A2-D7D6-442E-BF4C-FE8A336D9E94"}, {"criteria": "cpe:2.3:h:cisco:nexus_3548:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "088C0323-683A-44F5-8D42-FF6EC85D080E"}, {"criteria": "cpe:2.3:h:cisco:nexus_3548-x:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "74CB4002-7636-4382-B33E-FBA060A13C34"}, {"criteria": "cpe:2.3:h:cisco:nexus_3548-xl:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "10CEBF73-3EE0-459A-86C5-F8F6243FE27C"}, {"criteria": "cpe:2.3:h:cisco:nexus_3636c-r:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "57572E4A-78D5-4D1A-938B-F05F01759612"}, {"criteria": "cpe:2.3:h:cisco:nexus_c36180yc-r:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0C9D4C48-4D01-4761-B2D8-F16E90F78560"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D75479AD-9847-497C-9438-AA82D91B6F71", "versionEndExcluding": "7.3\\(3\\)n1\\(1\\)", "versionStartIncluding": "6.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:nexus_6001p:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "51EAD169-9036-496E-B740-45D79546F6D6"}, {"criteria": "cpe:2.3:h:cisco:nexus_6001t:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0E01F0DE-EA8A-451F-BADF-1A7A48B0C633"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:nx-os:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "02DD5791-E4D3-475C-84B0-E642ACFC5EB6"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:nexus_9500:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "63BE0266-1C00-4D6A-AD96-7F82532ABAA7"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ykramarz@cisco.com"}