漏洞标题
N/A
漏洞描述信息
Cisco Firepower Extensible Operating System (FXOS) 和 NX-OS 系统软件的认证、授权和 accounting(AAA)实现中存在漏洞,可能导致未授权的远程攻击者使受影响的设备重新加载。该漏洞是由于AAA进程在受影响的设备收到高频率的登录尝试时,阻止了 NX-OS 系统管理器接收维持消息,例如在 brute-force 登录攻击中。在同一条件下,FXOS 设备可能会内存不足,这可能导致 AAA 进程意外重启或使设备重新加载。攻击者可以通过对具有 AAA 安全性配置的设备进行 brute-force 登录攻击来利用此漏洞。成功利用此漏洞可能导致攻击者使受影响的设备重新加载。如果这些设备运行了配置为 AAA 服务的 Cisco FXOS 或 NX-OS 系统软件,则此漏洞会影响以下 Cisco 产品: Firepower 4100 Series 下一代防火墙,Firepower 9300 安全设备,多层 director 交换机, Nexus 1000V 系列交换机, Nexus 1100 系列云服务平台, Nexus 2000 系列交换机, Nexus 3000 系列交换机, Nexus 3500 平台交换机, Nexus 5000 系列交换机, Nexus 5500 平台交换机, Nexus 5600 平台交换机, Nexus 6000 系列交换机, Nexus 7000 系列交换机, Nexus 7700 系列交换机, Nexus 9000 系列交换机在 NX-OS 模式下, Nexus 9500 R-Series 线卡和网络组件,Unified Computing System (UCS) 6100 系列网络连接,UCS 6200 系列网络连接,UCS 6300 系列网络连接。Cisco Bug ID: CSCuq58760, CSCuq71257, CSCur97432, CSCus05214, CSCux54898, CSCvc33141, CSCvd36971, CSCve03660。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
A vulnerability in the authentication, authorization, and accounting (AAA) implementation of Cisco Firepower Extensible Operating System (FXOS) and NX-OS System Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability occurs because AAA processes prevent the NX-OS System Manager from receiving keepalive messages when an affected device receives a high rate of login attempts, such as in a brute-force login attack. System memory can run low on the FXOS devices under the same conditions, which could cause the AAA process to unexpectedly restart or cause the device to reload. An attacker could exploit this vulnerability by performing a brute-force login attack against a device that is configured with AAA security services. A successful exploit could allow the attacker to cause the affected device to reload. This vulnerability affects the following Cisco products if they are running Cisco FXOS or NX-OS System Software that is configured for AAA services: Firepower 4100 Series Next-Generation Firewall, Firepower 9300 Security Appliance, Multilayer Director Switches, Nexus 1000V Series Switches, Nexus 1100 Series Cloud Services Platforms, Nexus 2000 Series Switches, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, Unified Computing System (UCS) 6100 Series Fabric Interconnects, UCS 6200 Series Fabric Interconnects, UCS 6300 Series Fabric Interconnects. Cisco Bug IDs: CSCuq58760, CSCuq71257, CSCur97432, CSCus05214, CSCux54898, CSCvc33141, CSCvd36971, CSCve03660.
CVSS信息
N/A
漏洞类别
N/A
漏洞标题
多款Cisco产品Firepower Extensible Operating System和NX-OS System Software 资源管理错误漏洞
漏洞描述信息
Cisco Firepower 4100 Series Next-Generation Firewall等都是美国思科(Cisco)公司的产品。Cisco Firepower 4100 Series Next-Generation Firewall是一款4100系列防火墙产品。Multilayer Director Switches是一款网关设备。Firepower Extensible Operating System(FXOS)和NX-OS System Software都是使用在其中的系统。Fire
CVSS信息
N/A
漏洞类别
资源管理错误