ESB-2018.1809 - ALERT [Cisco] Cisco FXOS and Cisco NX-OS: Multiple vulnerabilities 2018-06-21

Printable version
PGP/GPG verifiable version

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.1809
            Cisco FXOS and NX-OS Software Cisco Fabric Services
                  Arbitrary Code Execution Vulnerability
                               21 June 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Cisco FXOS
                   Cisco NX-OS
Publisher:         Cisco Systems
Operating System:  Cisco
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Root Compromise                 -- Existing Account      
                   Denial of Service               -- Remote/Unauthenticated
                   Access Confidential Data        -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-0314 CVE-2018-0312 CVE-2018-0311
                   CVE-2018-0310 CVE-2018-0308 CVE-2018-0305
                   CVE-2018-0304 CVE-2018-0303 CVE-2018-0294

Original Bulletin: 
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nx-os-fabric-services-dos
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nx-os-fabric-dos
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-fx-os-fabric-dos
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-fx-os-cli-execution
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-fxnxos-fab-ace
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-fxnxos-ace
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-fx-os-fabric-execution
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-fxnxos-dos
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nxosadmin

Comment: This bulletin contains nine (9) Cisco Systems security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

Cisco Security Advisory: Cisco FXOS and NX-OS Software Cisco Fabric Services 
Denial of Service Vulnerability

Advisory ID: cisco-sa-20180620-nx-os-fabric-services-dos

Revision: 1.0

For Public Release: 2018 June 20 16:00 GMT

Last Updated: 2018 June 20 16:00 GMT

CVE ID(s): CVE-2018-0311

CVSS Score v(3): 8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

+---------------------------------------------------------------------

Summary

=======

A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software
and Cisco NX-OS Software could allow an unauthenticated, remote attacker to 
cause a denial of service (DoS) condition on an affected device.

The vulnerability exists because the affected software insufficiently 
validates Cisco Fabric Services packets when the software processes packet 
data. An attacker could exploit this vulnerability by sending a maliciously 
crafted Cisco Fabric Services packet to an affected device. A successful 
exploit could allow the attacker to cause a buffer overflow condition on the 
device, which could cause process crashes and result in a DoS condition on the
device.

Cisco has released software updates that address this vulnerability. There are
no workarounds that address this vulnerability.

  This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nx-os-fabric-services-dos

This advisory is part of the June 2018 Cisco FXOS and NX-OS Software Security
Advisory Collection, which includes 24 Cisco Security Advisories that describe
24 vulnerabilities. For a complete list of the advisories and links to them, 
see Cisco Event Response: June 2018 Cisco FXOS and NX-OS Software Security 


==============================================================================

Cisco Security Advisory: Cisco FXOS and NX-OS Software Cisco Fabric Services 
Denial of Service Vulnerability

Advisory ID: cisco-sa-20180620-nx-os-fabric-dos

Revision: 1.0

For Public Release: 2018 June 20 16:00 GMT

Last Updated: 2018 June 20 16:00 GMT

CVE ID(s): CVE-2018-0310

CVSS Score v(3): 8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

+---------------------------------------------------------------------

Summary

=======

A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software
and Cisco NX-OS Software could allow an unauthenticated, remote attacker to 
obtain sensitive information from memory or cause a denial of service (DoS) 
condition on the affected product.

The vulnerability exists because the affected software insufficiently 
validates header values in Cisco Fabric Services packets. An attacker could 
exploit this vulnerability by sending a crafted Cisco Fabric Services packet 
to an affected device. A successful exploit could allow the attacker to cause
a buffer overread condition, which could allow the attacker to obtain 
sensitive information from memory or cause a DoS condition on the affected 
product.

Cisco has released software updates that address this vulnerability. There are
no workarounds that address this vulnerability.

This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nx-os-fabric-dos

This advisory is part of the June 2018 Cisco FXOS and NX-OS Software Security
Advisory Collection, which includes 24 Cisco Security Advisories that describe
24 vulnerabilities. For a complete list of the advisories and links to them, 
see Cisco Event Response: June 2018 Cisco FXOS and NX-OS Software Security 

==============================================================================

Cisco Security Advisory: Cisco FXOS and NX-OS Software Cisco Fabric Services 
Denial of Service Vulnerability

Advisory ID: cisco-sa-20180620-fx-os-fabric-dos

Revision: 1.0

For Public Release: 2018 June 20 16:00 GMT

Last Updated: 2018 June 20 16:00 GMT

CVE ID(s): CVE-2018-0305

CVSS Score v(3): 8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

+---------------------------------------------------------------------

Summary

=======

A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software
and Cisco NX-OS Software could allow an unauthenticated, remote attacker to 
cause a denial of service (DoS) condition on the affected device.

The vulnerability exists because the affected software insufficiently 
validates Cisco Fabric Services packets. An attacker could exploit this 
vulnerability by sending a crafted Cisco Fabric Services packet to an affected
device. A successful exploit could allow the attacker to force a NULL pointer
dereference and cause a DoS condition.

Cisco has released software updates that address this vulnerability. There are
no workarounds that address this vulnerability.

This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-fx-os-fabric-dos

This advisory is part of the June 2018 Cisco FXOS and NX-OS Software Security
Advisory Collection, which includes 24 Cisco Security Advisories that describe
24 vulnerabilities. For a complete list of the advisories and links to them, 
see Cisco Event Response: June 2018 Cisco FXOS and NX-OS Software Security 

==============================================================================

Cisco Security Advisory: Cisco FXOS and NX-OS Software Cisco Fabric Services 
Arbitrary Code Execution Vulnerability

Advisory ID: cisco-sa-20180620-fx-os-cli-execution

Revision: 1.0

For Public Release: 2018 June 20 16:00 GMT

Last Updated: 2018 June 20 16:00 GMT

CVE ID(s): CVE-2018-0312

CVSS Score v(3): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

+---------------------------------------------------------------------

Summary

=======

A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software
and Cisco NX-OS Software could allow an unauthenticated, remote attacker to 
execute arbitrary code or cause a denial of service (DoS) condition on an 
affected device.

The vulnerability exists because the affected software insufficiently 
validates Cisco Fabric Services packet headers when the software processes 
packet data. An attacker could exploit this vulnerability by sending a 
maliciously crafted Cisco Fabric Services packet to an affected device. A 
successful exploit could allow the attacker to cause a buffer overflow 
condition on the device, which could allow the attacker to execute arbitrary 
code or cause a DoS condition on the device.

Cisco has released software updates that address this vulnerability. There are
no workarounds that address this vulnerability.

This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-fx-os-cli-execution

This advisory is part of the June 2018 Cisco FXOS and NX-OS Software Security
Advisory Collection, which includes 24 Cisco Security Advisories that describe
24 vulnerabilities. For a complete list of the advisories and links to them, 
see Cisco Event Response: June 2018 Cisco FXOS and NX-OS Software Security 

==============================================================================

Cisco Security Advisory: Cisco FXOS and NX-OS Software Cisco Fabric Services 
Arbitrary Code Execution Vulnerability

Advisory ID: cisco-sa-20180620-fxnxos-fab-ace

Revision: 1.0

For Public Release: 2018 June 20 16:00 GMT

Last Updated: 2018 June 20 16:00 GMT

CVE ID(s): CVE-2018-0308

CVSS Score v(3): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

+---------------------------------------------------------------------

Summary

=======

A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software
and Cisco NX-OS Software could allow an unauthenticated, remote attacker to 
execute arbitrary code or cause a denial of service (DoS) condition.

The vulnerability exists because the affected software insufficiently 
validates header values in Cisco Fabric Services packets. An attacker could 
exploit this vulnerability by sending a crafted Cisco Fabric Services packet 
to an affected device. A successful exploit could allow the attacker to cause
a buffer overflow that could allow the attacker to execute arbitrary code or 
cause a DoS condition.

Cisco has released software updates that address this vulnerability. There are
no workarounds that address this vulnerability.

This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-fxnxos-fab-ace

This advisory is part of the June 2018 Cisco FXOS and NX-OS Software Security
Advisory Collection, which includes 24 Cisco Security Advisories that describe
24 vulnerabilities. For a complete list of the advisories and links to them, 
see Cisco Event Response: June 2018 Cisco FXOS and NX-OS Software Security 

==============================================================================

Cisco Security Advisory: Cisco FXOS and NX-OS Software Cisco Fabric Services 
Arbitrary Code Execution Vulnerability

Advisory ID: cisco-sa-20180620-fxnxos-ace

Revision: 1.0

For Public Release: 2018 June 20 16:00 GMT

Last Updated: 2018 June 20 16:00 GMT

CVE ID(s): CVE-2018-0304

CVSS Score v(3): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

+---------------------------------------------------------------------

Summary

=======

A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software
and Cisco NX-OS Software could allow an unauthenticated, remote attacker to 
read sensitive memory content, create a denial of service (DoS) condition, or
execute arbitrary code as root.

The vulnerability exists because the affected software insufficiently 
validates Cisco Fabric Services packet headers. An attacker could exploit this
vulnerability by sending a crafted Cisco Fabric Services packet to an affected
device. A successful exploit could allow the attacker to cause a buffer 
overflow or buffer overread condition in the Cisco Fabric Services component,
which could allow the attacker to read sensitive memory content, create a DoS
condition, or execute arbitrary code as root.

Cisco has released software updates that address this vulnerability. There are
no workarounds that address this vulnerability.

This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-fxnxos-ace

This advisory is part of the June 2018 Cisco FXOS and NX-OS Software Security
Advisory Collection, which includes 24 Cisco Security Advisories that describe
24 vulnerabilities. For a complete list of the advisories and links to them, 
see Cisco Event Response: June 2018 Cisco FXOS and NX-OS Software Security 

==============================================================================

Cisco Security Advisory: Cisco FXOS and NX-OS Software Cisco Fabric Services 
Arbitrary Code Execution Vulnerability

Advisory ID: cisco-sa-20180620-fx-os-fabric-execution

Revision: 1.0

For Public Release: 2018 June 20 16:00 GMT

Last Updated: 2018 June 20 16:00 GMT

CVE ID(s): CVE-2018-0314

CVSS Score v(3): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

+---------------------------------------------------------------------

Summary

=======

A vulnerability in the Cisco Fabric Services (CFS) component of Cisco FXOS 
Software and Cisco NX-OS Software could allow an unauthenticated, remote 
attacker to execute arbitrary code on an affected device.

The vulnerability exists because the affected software insufficiently 
validates Cisco Fabric Services packet headers when the software processes 
packet data. An attacker could exploit this vulnerability by sending a 
maliciously crafted Cisco Fabric Services packet to an affected device. A 
successful exploit could allow the attacker to cause a buffer overflow 
condition on the device, which could allow the attacker to execute arbitrary 
code on the device.

Cisco has released software updates that address this vulnerability. There are
no workarounds that address this vulnerability.

This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-fx-os-fabric-execution

This advisory is part of the June 2018 Cisco FXOS and NX-OS Software Security
Advisory Collection, which includes 24 Cisco Security Advisories that describe
24 vulnerabilities. For a complete list of the advisories and links to them, 
see Cisco Event Response: June 2018 Cisco FXOS and NX-OS Software Security 

==============================================================================

Cisco Security Advisory: Cisco FXOS and NX-OS Software Cisco Discovery 
Protocol Arbitrary Code Execution Vulnerability

Advisory ID: cisco-sa-20180620-fxnxos-dos

Revision: 1.0

For Public Release: 2018 June 20 16:00 GMT

Last Updated: 2018 June 20 16:00 GMT

CVE ID(s): CVE-2018-0303

CVSS Score v(3): 7.5 CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

+---------------------------------------------------------------------

Summary

=======

A vulnerability in the Cisco Discovery Protocol component of Cisco FXOS 
Software and Cisco NX-OS Software could allow an unauthenticated, adjacent 
attacker to execute arbitrary code as root or cause a denial of service (DoS)
condition on the affected device.

The vulnerability exists because of insufficiently validated Cisco Discovery 
Protocol packet headers. An attacker could exploit this vulnerability by 
sending a crafted Cisco Discovery Protocol packet to a Layer 2 adjacent 
affected device. A successful exploit could allow the attacker to cause a 
buffer overflow that could allow the attacker to execute arbitrary code as 
root or cause a DoS condition on the affected device.

Cisco has released software updates that address this vulnerability. There are
no workarounds that address this vulnerability.

This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-fxnxos-dos

This advisory is part of the June 2018 Cisco FXOS and NX-OS Software Security
Advisory Collection, which includes 24 Cisco Security Advisories that describe
24 vulnerabilities. For a complete list of the advisories and links to them, 
see Cisco Event Response: June 2018 Cisco FXOS and NX-OS Software Security 

==============================================================================

Cisco Security Advisory: Cisco FXOS and NX-OS Software Unauthorized 
Administrator Account Vulnerability

Advisory ID: cisco-sa-20180620-nxosadmin

Revision: 1.0

For Public Release: 2018 June 20 16:00 GMT

Last Updated: 2018 June 20 16:00 GMT

CVE ID(s): CVE-2018-0294

CVSS Score v(3): 6.4 CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

+---------------------------------------------------------------------

Summary

=======

A vulnerability in the write-erase feature of Cisco FXOS Software and Cisco 
NX-OS Software could allow an authenticated, local attacker to configure an 
unauthorized administrator account for an affected device.

The vulnerability exists because the affected software does not properly 
delete sensitive files when certain CLI commands are used to clear the device
configuration and reload a device. An attacker could exploit this 
vulnerability by logging into an affected device as an administrative user and
configuring an unauthorized account for the device. The account would not 
require a password for authentication and would be accessible only via a 
Secure Shell (SSH) connection to the device. A successful exploit could allow
the attacker to configure an unauthorized account that has administrative 
privileges, does not require a password for authentication, and does not 
appear in the running configuration or the audit logs for the affected device.

Cisco has released software updates that address this vulnerability. There are
no workarounds that address this vulnerability.

This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nxosadmin

This advisory is part of the June 2018 Cisco FXOS and NX-OS Software Security
Advisory Collection, which includes 24 Cisco Security Advisories that describe
24 vulnerabilities. For a complete list of the advisories and links to them, 
see Cisco Event Response: June 2018 Cisco FXOS and NX-OS Software Security

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBWyr4JGaOgq3Tt24GAQjz5w/+Pwy0ltjtjULMXVMzEKwJaY3gjJiR5xH0
Fh5nSCX+Ws5NBSSlA+iKTix9zR2Wav5S/L1+E/IcAzoKMazvQ8yaH+SP+51STuy5
k+1MSyzoLSvd0a66HCq7+FDJKs9jDDVRFMjtbdYsOSjsaSloskueGNVh29SdH+9p
+dm6t+cSOfzxb8HEJFBQodb0prJ2jv9JzE2tcxBpPk/aeKRXtqyOC26Ko/0tT8pB
5nT2qmmYXbA5pseVK4jCfOWWSkHba7dVvVB+ZMX7gzSqn40slT1qzNsPeZp+iNQL
RenlHVv6naJMk7WKzgdhk11fz8AbVqB037UKELIDWAwLZyxe9Z/ZW7Kdj8PrDL2J
KlXLTa4EFwbH9/q8xO+dmzIcSGhIchwELr0tcUv5BUJy0tZo72CyZ5WTZpNErlXy
Kx1nVjfGFf+DRwx4WTNQfUIyLop000dS46TEO2gjNvq1jBREjcRINF42LlkmQ03J
h+08tx91r3ixs4LkxiMq7og+2Jals8yxdMHx5Uy15Y2tQoaoY1K5lfdqA57/B5Ep
1DkV5z8bjiF6Mhrvdd4PwQznw7fapDbEF+OXpbk7iwFe957WRBFz5GhHNYrFaPe9
QJl/Lhleu693uzjTuyRZ7meIFCSCfWy/UO8agZT3Pg3kF9YVIHs1MjQPMxMgs2q8
g27H2UfkTfc=
=2I77
-----END PGP SIGNATURE-----

« Back to bulletins