Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
CVE-2018-0102
CVE information
Published
Last Modified
CVSSv2.0 Severity
CVSSv3.1 Severity
Impact Analysis
Description
A vulnerability in the Pong tool of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software attempts to free the same area of memory twice. An attacker could exploit this vulnerability by sending a pong request to an affected device from a location on the network that causes the pong reply packet to egress both a FabricPath port and a non-FabricPath port. An exploit could allow the attacker to cause a dual or quad supervisor virtual port-channel (vPC) to reload. This vulnerability affects the following products when running Cisco NX-OS Software Release 7.2(1)D(1), 7.2(2)D1(1), or 7.2(2)D1(2) with both the Pong and FabricPath features enabled and the FabricPath port is actively monitored via a SPAN session: Cisco Nexus 7000 Series Switches and Cisco Nexus 7700 Series Switches. Cisco Bug IDs: CSCuv98660..
CVSSv2.0 Score
- Severity
- Medium
- Base Score
- 6.1/10
- Exploit Score
- 6.5/10
- Access Vector
- Adjacent_network
- Access Complexity
- Low
- Authentication Required
- None
- Impact Score
- 6.9/10
- Confidentiality Impact
- None
- Availability Impact
- Complete
- Integrity Impact
- None
CVSSv3.1 Score
- Severity
- High
- Base Score
- 7.4/10
- Exploit Score
- 2.8/10
- Access Vector
- Adjacent_network
- Access Complexity
- Low
- Privileges Required
- None
- Impact Score
- 4/10
- Confidentiality Impact
- None
- Availability Impact
- High
- Integrity Impact
- None
- Scope
- Changed
- User Interaction
- None
Products Affected
CPE | Affected | Vulnerable | Excluding | Edit |
---|---|---|---|---|
cpe:2.3:o:cisco:nx-os:7.2\(1\)d\(1\):*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:o:cisco:nx-os:7.2\(2\)d1\(1\):*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:o:cisco:nx-os:7.2\(2\)d1\(2\):*:*:*:*:*:*:* |
Yes
|
- | - |