CVE-2018-0378
Severity CVSS v4.0:
Pending analysis
Type:
CWE-20
Input Validation
Publication date:
17/10/2018
Last modified:
09/10/2019
Description
A vulnerability in the Precision Time Protocol (PTP) feature of Cisco Nexus 5500, 5600, and 6000 Series Switches running Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of protection against PTP frame flood attacks. An attacker could exploit this vulnerability by sending large streams of malicious IPv4 or IPv6 PTP traffic to the affected device. A successful exploit could allow the attacker to cause a DoS condition, impacting the traffic passing through the device.
Impact
Base Score 3.x
8.60
Severity 3.x
HIGH
Base Score 2.0
7.80
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:cisco:nx-os:7.3\(2\)n1\(0.8\):*:*:*:*:*:*:* | ||
| cpe:2.3:h:cisco:nexus_5548p:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:cisco:nexus_5548up:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:cisco:nexus_5596t:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:cisco:nexus_5596up:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:cisco:nexus_56128p:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:cisco:nexus_5624q:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:cisco:nexus_5648q:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:cisco:nexus_5672up:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:cisco:nexus_5672up-16g:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:cisco:nexus_5696q:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:cisco:nexus_6001:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:cisco:nexus_6004:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page