CVE-2018-0117

EPSS 0.48%
Published 08.02.2018 07:29:00
Last modified 21.11.2024 03:37:33
Source psirt@cisco.com
Teams watchlist Login
Open Login

A vulnerability in the ingress packet processing functionality of the Cisco Virtualized Packet Core-Distributed Instance (VPC-DI) Software could allow an unauthenticated, remote attacker to cause both control function (CF) instances on an affected system to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient handling of user-supplied data by the affected software. An attacker could exploit this vulnerability by sending malicious traffic to the internal distributed instance (DI) network address on an affected system. A successful exploit could allow the attacker to cause an unhandled error condition on the affected system, which would cause the CF instances to reload and consequently cause the entire VPC to reload, resulting in the disconnection of all subscribers and a DoS condition on the affected system. This vulnerability affects Cisco Virtualized Packet Core-Distributed Instance (VPC-DI) Software N4.0 through N5.5 with the Cisco StarOS operating system 19.2 through 21.3. Cisco Bug IDs: CSCve17656.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Cisco ≫ Asr 5000 Firmware Version21.1.v0.66836

Cisco ≫ Asr 5000 Version-

Cisco ≫ Asr 5000 Firmware Version21.1.v7

Cisco ≫ Asr 5000 Version-

Cisco ≫ Asr 5000 Firmware Version21.3.0

Cisco ≫ Asr 5000 Version-

Cisco ≫ Asr 5000 Firmware Version21.6.0

Cisco ≫ Asr 5000 Version-

Cisco ≫ Asr 5500 Firmware Version21.1.v0.66836

Cisco ≫ Asr 5500 Version-

Cisco ≫ Asr 5500 Firmware Version21.1.v7

Cisco ≫ Asr 5500 Version-

Cisco ≫ Asr 5500 Firmware Version21.3.0

Cisco ≫ Asr 5500 Version-

Cisco ≫ Asr 5500 Firmware Version21.6.0

Cisco ≫ Asr 5500 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.48%	0.625

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.6	3.9	4	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
nvd@nist.gov	7.8	10	6.9	AV:N/AC:L/Au:N/C:N/I:N/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.securityfocus.com/bid/102970

Third Party Advisory

VDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-vpcdi

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-0117

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-0117

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-0117

EUVD