First published: Thu Jun 21 2018
A vulnerability in the web UI of Cisco FXOS and Cisco UCS Fabric Interconnect Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected system. The vulnerability is due to incorrect input validation in the web UI. An attacker could exploit this vulnerability by sending a malicious HTTP or HTTPS packet directed to the physical management interface of an affected system. A successful exploit could allow the attacker to cause the process to crash and possibly reload the device, resulting in a denial of service (DoS) condition on the affected system. This vulnerability affects Firepower 4100 Series Next-Generation Firewall, Firepower 9300 Security Appliance, UCS 6200 Series Fabric Interconnects, UCS 6300 Series Fabric Interconnects. Cisco Bug IDs: CSCvb61398, CSCvb86799.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco NX-OS | >=3.0(2), <3.1(3a)a | |
Cisco UCS 6120XP | | |
Cisco UCS 6140XP | | |
Cisco UCS 6248UP | | |
Cisco UCS 6296UP | | |
Cisco UCS 6324 | | |
Cisco UCS 6332 | | |
Cisco Firepower Extensible Operating System | >=1.1, <1.1.4.169 | |
Cisco Firepower Extensible Operating System | >=2.0, <2.0.1.135 | |
Cisco Firepower 4110 | | |
Cisco Firepower 4120 | | |
Cisco Firepower 4140 | | |
Cisco Firepower 4150 | | |
Cisco Firepower Extensible Operating System | >=1.1, <1.1.4.179 | |
Cisco Firepower Extensible Operating System | >=2.0, <2.0.1.153 | |
Cisco Firepower 9300 Security Appliance | | |
The vulnerability ID is CVE-2018-0298.
The severity of CVE-2018-0298 is high (7.5).
CVE-2018-0298 could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected system.
An attacker could exploit CVE-2018-0298 by leveraging incorrect input validation in the web UI.
More information about CVE-2018-0298 can be found at the following link: [https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-fxos-dos](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-fxos-dos)