Vulnerability Description
A vulnerability in the Precision Time Protocol (PTP) feature of Cisco Nexus 5500, 5600, and 6000 Series Switches running Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of protection against PTP frame flood attacks. An attacker could exploit this vulnerability by sending large streams of malicious IPv4 or IPv6 PTP traffic to the affected device. A successful exploit could allow the attacker to cause a DoS condition, impacting the traffic passing through the device.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Nx-Os | 7.3\(2\)n1\(0.8\) |
| Cisco | Nexus 5548P | - |
| Cisco | Nexus 5548Up | - |
| Cisco | Nexus 5596T | - |
| Cisco | Nexus 5596Up | - |
| Cisco | Nexus 56128P | - |
| Cisco | Nexus 5624Q | - |
| Cisco | Nexus 5648Q | - |
| Cisco | Nexus 5672Up | - |
| Cisco | Nexus 5672Up-16G | - |
| Cisco | Nexus 5696Q | - |
| Cisco | Nexus 6001 | - |
| Cisco | Nexus 6004 | - |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/105669Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1041920Third Party AdvisoryVDB Entry
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
- http://www.securityfocus.com/bid/105669Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1041920Third Party AdvisoryVDB Entry
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
FAQ
What is CVE-2018-0378?
CVE-2018-0378 is a vulnerability with a CVSS score of 8.6 (HIGH). A vulnerability in the Precision Time Protocol (PTP) feature of Cisco Nexus 5500, 5600, and 6000 Series Switches running Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a...
How severe is CVE-2018-0378?
CVE-2018-0378 has been rated HIGH with a CVSS base score of 8.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-0378?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Nx-Os, Cisco Nexus 5548P, Cisco Nexus 5548Up, Cisco Nexus 5596T, Cisco Nexus 5596Up.