CVE-2018-0295 (CNNVD-201806-1052)
中文标题:
多款Cisco产品NX-OS Software 输入验证漏洞
英文标题:
A vulnerability in the Border Gateway Protocol (BGP) implementation of Cisco NX-OS Software could al...
漏洞描述
中文描述:
Cisco Nexus 2000 Series Switches等都是美国思科(Cisco)公司的产品。Cisco Nexus 2000 Series Switches等都是交换机设备。Fabric Modules是一款交换机矩阵模块。NX-OS Software是运行在其中的一套交换机使用的数据中心级操作系统软件。Border Gateway Protocol(BGP)是其中的一个边界网络协议。 多款Cisco产品中NX-OS Software的Border Gateway Protocol (BGP)实现存在输入验证漏洞,该漏洞源于程序没有对BGP更新消息执行完整的输入验证。远程攻击者可通过向目标设备发送特制的BGP更新消息利用该漏洞造成拒绝服务。以下产品受到影响:Cisco Nexus 2000 Series Switches;Nexus 3000 Series Switches;Nexus 3500 Platform Switches;Nexus 3600 Platform Switches;Nexus 5500 Platform Switches;Nexus 5600 Platform Switches;Nexus 6000 Series Switches;Nexus 7000 Series Switches;Nexus 7700 Series Switches;Nexus 9000 Series Fabric Switches(在Application Centric Infrastructure模式下);Nexus 9000 Series Switches(在standalone NX-OS模式下);Nexus 9500 R-Series Line Cards and Fabric Modules。
英文描述:
A vulnerability in the Border Gateway Protocol (BGP) implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the device unexpectedly reloading. The vulnerability is due to incomplete input validation of the BGP update messages. An attacker could exploit this vulnerability by sending a crafted BGP update message to the targeted device. An exploit could allow the attacker to cause the switch to reload unexpectedly. The Cisco implementation of the BGP protocol only accepts incoming BGP traffic from explicitly defined peers. To exploit this vulnerability, an attacker must be able to send the malicious packets over a TCP connection that appears to come from a trusted BGP peer or inject malformed messages into the victim's BGP network. This would require obtaining information about the BGP peers in the affected system's trusted network. The vulnerability may be triggered when the router receives a malformed BGP message from a peer on an existing BGP session. At least one BGP neighbor session must be established for a router to be vulnerable. This vulnerability affects Nexus 2000 Series Switches, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 3600 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules. Cisco Bug IDs: CSCve79599, CSCve87784, CSCve91371, CSCve91387.
CWE类型:
标签:
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| cisco | nx-os | * | - | - |
cpe:2.3:o:cisco:nx-os:*:*:*:*:*:*:*:*
|
| cisco | nx-os | 7.0\(3\)i7 | - | - |
cpe:2.3:o:cisco:nx-os:7.0\(3\)i7:*:*:*:*:*:*:*
|
| cisco | nx-os | 7.0 | - | - |
cpe:2.3:o:cisco:nx-os:7.0:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
CVSS评分详情
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2018-0295 |
2025-11-11 15:19:35 | 2025-11-11 07:34:57 |
| NVD | nvd_CVE-2018-0295 |
2025-11-11 14:55:55 | 2025-11-11 07:43:33 |
| CNNVD | cnnvd_CNNVD-201806-1052 |
2025-11-11 15:10:02 | 2025-11-11 07:53:46 |
版本与语言
安全公告
变更历史
查看详细变更
- vulnerability_type: 未提取 -> 输入验证错误
- cnnvd_id: 未提取 -> CNNVD-201806-1052
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
查看详细变更
- severity: SeverityLevel.MEDIUM -> SeverityLevel.HIGH
- cvss_score: 未提取 -> 7.5
- cvss_vector: NOT_EXTRACTED -> CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- cvss_version: NOT_EXTRACTED -> 3.0
- affected_products_count: 0 -> 3
- data_sources: ['cve'] -> ['cve', 'nvd']