mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-07-29 05:56:59 +00:00
112 lines
3.7 KiB
JSON
112 lines
3.7 KiB
JSON
{
|
|
"CVE_data_meta" : {
|
|
"ASSIGNER" : "psirt@cisco.com",
|
|
"DATE_PUBLIC" : "2018-10-17T16:00:00-0500",
|
|
"ID" : "CVE-2018-0395",
|
|
"STATE" : "PUBLIC",
|
|
"TITLE" : "Cisco FXOS and NX-OS Software Link Layer Discovery Protocol Denial of Service Vulnerability"
|
|
},
|
|
"affects" : {
|
|
"vendor" : {
|
|
"vendor_data" : [
|
|
{
|
|
"product" : {
|
|
"product_data" : [
|
|
{
|
|
"product_name" : "Cisco NX-OS Software",
|
|
"version" : {
|
|
"version_data" : [
|
|
{
|
|
"affected" : "<",
|
|
"version_value" : "6.2(1)"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name" : "Firepower 4100 Series Next-Generation Firewalls ",
|
|
"version" : {
|
|
"version_data" : [
|
|
{
|
|
"affected" : "<",
|
|
"version_value" : "<2.3.1.58"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"vendor_name" : "Cisco"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"data_format" : "MITRE",
|
|
"data_type" : "CVE",
|
|
"data_version" : "4.0",
|
|
"description" : {
|
|
"description_data" : [
|
|
{
|
|
"lang" : "eng",
|
|
"value" : "A vulnerability in the Link Layer Discovery Protocol (LLDP) implementation for Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition when the device unexpectedly reloads. The vulnerability is due to improper input validation of certain type, length, value (TLV) fields of the LLDP frame header. An attacker could exploit this vulnerability by sending a crafted LLDP packet to an interface on the targeted device. A successful exploit could allow the attacker to cause the switch to reload unexpectedly."
|
|
}
|
|
]
|
|
},
|
|
"exploit" : [
|
|
{
|
|
"lang" : "eng",
|
|
"value" : "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
|
|
}
|
|
],
|
|
"impact" : {
|
|
"cvss" : {
|
|
"baseScore" : "8.8",
|
|
"vectorString" : "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H ",
|
|
"version" : "3.0"
|
|
}
|
|
},
|
|
"problemtype" : {
|
|
"problemtype_data" : [
|
|
{
|
|
"description" : [
|
|
{
|
|
"lang" : "eng",
|
|
"value" : "CWE-20"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"references" : {
|
|
"reference_data" : [
|
|
{
|
|
"name" : "20181017 Cisco FXOS and NX-OS Software Link Layer Discovery Protocol Denial of Service Vulnerability",
|
|
"refsource" : "CISCO",
|
|
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-fxnx-os-dos"
|
|
},
|
|
{
|
|
"name" : "105674",
|
|
"refsource" : "BID",
|
|
"url" : "http://www.securityfocus.com/bid/105674"
|
|
},
|
|
{
|
|
"name" : "1041919",
|
|
"refsource" : "SECTRACK",
|
|
"url" : "http://www.securitytracker.com/id/1041919"
|
|
}
|
|
]
|
|
},
|
|
"source" : {
|
|
"advisory" : "cisco-sa-20181017-fxnx-os-dos",
|
|
"defect" : [
|
|
[
|
|
"CSCuc98542",
|
|
"CSCvf23367",
|
|
"CSCvj94174",
|
|
"CSCvj96148"
|
|
]
|
|
],
|
|
"discovery" : "INTERNAL"
|
|
}
|
|
}
|