CVE-2018-0102

Severity Score

7.4

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A vulnerability in the Pong tool of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software attempts to free the same area of memory twice. An attacker could exploit this vulnerability by sending a pong request to an affected device from a location on the network that causes the pong reply packet to egress both a FabricPath port and a non-FabricPath port. An exploit could allow the attacker to cause a dual or quad supervisor virtual port-channel (vPC) to reload. This vulnerability affects the following products when running Cisco NX-OS Software Release 7.2(1)D(1), 7.2(2)D1(1), or 7.2(2)D1(2) with both the Pong and FabricPath features enabled and the FabricPath port is actively monitored via a SPAN session: Cisco Nexus 7000 Series Switches and Cisco Nexus 7700 Series Switches. Cisco Bug IDs: CSCuv98660.

Una vulnerabilidad en la herramienta Pong de Cisco NX-OS Software podría permitir que un atacante adyacente sin autenticar haga que el dispositivo afectado se reinicie y provoque una denegación de servicio (DoS) como consecuencia. La vulnerabilidad existe porque el software afectado intenta liberar la misma área de memoria dos veces. Un atacante podría explotar esta vulnerabilidad enviando una petición pong a un dispositivo afectado desde una ubicación en la red que provoca que el paquete de respuesta pong salga tanto de un puerto FabricPath como de un puerto no FabricPath. Su explotación podría permitir que el atacante haga que se reinicie el vPC (Virtural port-channel) supervisor dual o quad. Esta vulnerabilidad afecta a los siguientes productos cuando ejecutan versiones de software Cisco NX-OS 7.2(1)D(1), 7.2(2)D1(1) o 7.2(2)D1(2) con las características Pong y FabricPath activadas y el puerto FabricPath es monitorizado activamente en una sesión SPAN: Cisco Nexus 7000 Series Switches y Cisco Nexus 7700 Series Switches. Cisco Bug IDs: CSCuv98660.

*Credits: N/A

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Adjacent

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2017-11-27 CVE Reserved
2018-01-18 CVE Published
2023-07-21 EPSS Updated
2024-08-05 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-399: Resource Management Errors
CWE-415: Double Free

CAPEC

References (3)

URL	Tag	Source
http://www.securityfocus.com/bid/102728	Third Party Advisory
http://www.securitytracker.com/id/1040219	Third Party Advisory

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-nx-os	2019-10-09

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Cisco Search vendor "Cisco"		Nx-os Search vendor "Cisco" for product "Nx-os"				7.2\(1\)d\(1\) Search vendor "Cisco" for product "Nx-os" and version "7.2\(1\)d\(1\)"		-		Affected
Cisco Search vendor "Cisco"		Nx-os Search vendor "Cisco" for product "Nx-os"				7.2\(2\)d1\(1\) Search vendor "Cisco" for product "Nx-os" and version "7.2\(2\)d1\(1\)"		-		Affected
Cisco Search vendor "Cisco"		Nx-os Search vendor "Cisco" for product "Nx-os"				7.2\(2\)d1\(2\) Search vendor "Cisco" for product "Nx-os" and version "7.2\(2\)d1\(2\)"		-		Affected