CVE-2018-0378

A vulnerability in the Precision Time Protocol (PTP) feature of Cisco Nexus 5500, 5600, and 6000 Series Switches running Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of protection against PTP frame flood attacks. An attacker could exploit this vulnerability by sending large streams of malicious IPv4 or IPv6 PTP traffic to the affected device. A successful exploit could allow the attacker to cause a DoS condition, impacting the traffic passing through the device.

Published : 2018-10-17 21:49 Updated : 2019-10-09 23:31

7.8

CVSS Score More info

Score 7.8 / 10

Access vector NETWORK

A vulnerability exploitable with network access means the vulnerable software is bound to the network stack and the attacker does not require local network access or local access. Such a vulnerability is often termed "remotely exploitable". An example of a network attack is an RPC buffer overflow.

Access complexity LOW

Specialized access conditions or extenuating circumstances do not exist. The following are examples:

The affected product typically requires access to a wide range of systems and users, possibly anonymous and untrusted (e.g., Internet-facing web or mail server).
The affected configuration is default or ubiquitous.
The attack can be performed manually and requires little skill or additional information gathering.
The race condition is a lazy one (i.e., it is technically a race but easily winnable).

CPE (1)
Tree view

Vendor	Product	Version	URI
Cisco	Nx-os	7.3%282%29n1%280.8%29	cpe:/o:cisco:nx-os:7.3%282%29n1%280.8%29

Cisco (1) Search CVE
1. Nx-os (1) Search CVE
  1. 7.3%282%29n1%280.8%29

CWE

ID	Name	Description	Links
CWE-20	Improper Input Validation	The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.		CVE

References

Source	Link
CISCO	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-nexus-ptp-dos
BID	http://www.securityfocus.com/bid/105669
SECTRACK	http://www.securitytracker.com/id/1041920

History of changes

Date

Event

2019-02-15 21:57

CPEs changed

1 added

cpe:/o:cisco:nx-os:7.3%282%29n1%280.8%29 (Cisco / Nx-os)

CVSS changed

New score : 7.8
No old score

CWEs changed

Added : CWE-20

References changed

3 changed

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-nexus-ptp-dos	UNKNOWN->VENDOR_ADVISORY
http://www.securityfocus.com/bid/105669	UNKNOWN->VENDOR_ADVISORY
http://www.securitytracker.com/id/1041920	UNKNOWN->VENDOR_ADVISORY

2018-10-19 10:29

References changed

2 added

BID	http://www.securityfocus.com/bid/105669
SECTRACK	http://www.securitytracker.com/id/1041920

2018-10-17 21:49

CVE-2018-0378

Score 7.8 / 10

Access vector NETWORK

Access complexity LOW

Authentication NONE

Confidentiality impact NONE

Integrity impact NONE

Availability impact COMPLETE

CWE

References

History of changes

CPEs changed

CVSS changed

CWEs changed

References changed

References changed

New CVE