CVE-2018-0298

Description

A vulnerability in the web UI of Cisco FXOS and Cisco UCS Fabric Interconnect Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected system. The vulnerability is due to incorrect input validation in the web UI. An attacker could exploit this vulnerability by sending a malicious HTTP or HTTPS packet directed to the physical management interface of an affected system. A successful exploit could allow the attacker to cause the process to crash and possibly reload the device, resulting in a denial of service (DoS) condition on the affected system. This vulnerability affects Firepower 4100 Series Next-Generation Firewall, Firepower 9300 Security Appliance, UCS 6200 Series Fabric Interconnects, UCS 6300 Series Fabric Interconnects. Cisco Bug IDs: CSCvb61398, CSCvb86799.

Risk Information

Base Score

7.5

MODERATE

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Score

Exploitation Probability

1.33

Associated Vulnerability

Vulnerability	OS Platform
Cisco FXOS Software and UCS Fabric Interconnect Web UI Denial of Service Vulnerability For Cisco Firepower 9300 Series	NCM
Cisco FXOS Software and UCS Fabric Interconnect Web UI Denial of Service Vulnerability For Cisco Unified Computing System	NCM
Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2018-0298)	NCM

Patch Details

Click to see the patches provided by ManageEngine for this CVE

Patch ID	Patch Description
PATCH-1705710	Security Update for Cisco Firepower 9300 Series 1.1(3.76)
PATCH-1706036	Security Update for Cisco Unified Computing System 3.2(1d)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234