Vulnerability Name:

CVE-2018-0378 (CCN-151396)

Assigned:2017-11-27
Published:2018-10-17
Updated:2019-10-09
Summary:A vulnerability in the Precision Time Protocol (PTP) feature of Cisco Nexus 5500, 5600, and 6000 Series Switches running Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of protection against PTP frame flood attacks. An attacker could exploit this vulnerability by sending large streams of malicious IPv4 or IPv6 PTP traffic to the affected device. A successful exploit could allow the attacker to cause a DoS condition, impacting the traffic passing through the device.
CVSS v3 Severity:8.6 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H)
7.5 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): High
8.6 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H)
7.5 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): High
CVSS v2 Severity:7.8 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Complete
7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Complete
Vulnerability Type:CWE-20
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2018-0378

Source: BID
Type: Third Party Advisory, VDB Entry
105669

Source: CCN
Type: BID-105669
Cisco NX-OS Software Precision Time Protocol CVE-2018-0378 Remote Denial of Service Vulnerability

Source: SECTRACK
Type: Third Party Advisory, VDB Entry
1041920

Source: XF
Type: UNKNOWN
cisco-cve20180378-dos(151396)

Source: CCN
Type: Cisco Security Advisory cisco-sa-20181017-nexus-ptp-dos
Cisco NX-OS Software for Nexus 5500, 5600, and 6000 Series Switches Precision Time Protocol Denial of Service Vulnerability

Source: CISCO
Type: Vendor Advisory
20181017 Cisco NX-OS Software for Nexus 5500, 5600, and 6000 Series Switches Precision Time Protocol Denial of Service Vulnerability

Vulnerable Configuration:Configuration 1:
  • cpe:/o:cisco:nx-os:7.3(2)n1(0.8):*:*:*:*:*:*:*
  • AND
  • cpe:/h:cisco:nexus_5548p:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:nexus_5548up:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:nexus_5596t:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:nexus_5596up:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:nexus_56128p:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:nexus_5624q:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:nexus_5648q:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:nexus_5672up:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:nexus_5672up-16g:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:nexus_5696q:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:nexus_6001:-:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:nexus_6004:-:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    cisco nx-os 7.3(2)n1(0.8)
    cisco nexus 5548p -
    cisco nexus 5548up -
    cisco nexus 5596t -
    cisco nexus 5596up -
    cisco nexus 56128p -
    cisco nexus 5624q -
    cisco nexus 5648q -
    cisco nexus 5672up -
    cisco nexus 5672up-16g -
    cisco nexus 5696q -
    cisco nexus 6001 -
    cisco nexus 6004 -