7.4

CVE-2018-0165

A vulnerability in the Internet Group Management Protocol (IGMP) packet-processing functionality of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to exhaust buffers on an affected device, resulting in a denial of service (DoS) condition, aka a Memory Leak. The vulnerability is due to the affected software insufficiently processing IGMP Membership Query packets that are sent to an affected device. An attacker could exploit this vulnerability by sending a large number of IGMP Membership Query packets, which contain certain values, to an affected device. A successful exploit could allow the attacker to exhaust buffers on the affected device, resulting in a DoS condition that requires the device to be reloaded manually. This vulnerability affects: Cisco Catalyst 4500 Switches with Supervisor Engine 8-E, if they are running Cisco IOS XE Software Release 3.x.x.E and IP multicast routing is configured; Cisco devices that are running Cisco IOS XE Software Release 16.x, if IP multicast routing is configured. Cisco Bug IDs: CSCuw09295, CSCve94496.

Data is provided by the National Vulnerability Database (NVD)
CiscoIos Xe Version15.2(3)e
   CiscoCatalyst 4000 Version-
CiscoIos Xe Versiondenali-16.3.3
   CiscoCatalyst 3850-12s-e Version-
   CiscoCatalyst 3850-12s-s Version-
   CiscoCatalyst 3850-12xs-e Version-
   CiscoCatalyst 3850-12xs-s Version-
   CiscoCatalyst 3850-16xs-e Version-
   CiscoCatalyst 3850-16xs-s Version-
   CiscoCatalyst 3850-24p-e Version-
   CiscoCatalyst 3850-24p-l Version-
   CiscoCatalyst 3850-24p-s Version-
   CiscoCatalyst 3850-24pw-s Version-
   CiscoCatalyst 3850-24s-e Version-
   CiscoCatalyst 3850-24s-s Version-
   CiscoCatalyst 3850-24t-e Version-
   CiscoCatalyst 3850-24t-l Version-
   CiscoCatalyst 3850-24t-s Version-
   CiscoCatalyst 3850-24u-e Version-
   CiscoCatalyst 3850-24u-l Version-
   CiscoCatalyst 3850-24u-s Version-
   CiscoCatalyst 3850-24xs-e Version-
   CiscoCatalyst 3850-24xs-s Version-
   CiscoCatalyst 3850-24xu-e Version-
   CiscoCatalyst 3850-24xu-l Version-
   CiscoCatalyst 3850-24xu-s Version-
   CiscoCatalyst 3850-32xs-e Version-
   CiscoCatalyst 3850-32xs-s Version-
   CiscoCatalyst 3850-48f-e Version-
   CiscoCatalyst 3850-48f-l Version-
   CiscoCatalyst 3850-48f-s Version-
   CiscoCatalyst 3850-48p-e Version-
   CiscoCatalyst 3850-48p-l Version-
   CiscoCatalyst 3850-48p-s Version-
   CiscoCatalyst 3850-48pw-s Version-
   CiscoCatalyst 3850-48t-e Version-
   CiscoCatalyst 3850-48t-l Version-
   CiscoCatalyst 3850-48t-s Version-
   CiscoCatalyst 3850-48u-e Version-
   CiscoCatalyst 3850-48u-l Version-
   CiscoCatalyst 3850-48u-s Version-
   CiscoCatalyst 3850-48xs-e Version-
   CiscoCatalyst 3850-48xs-f-e Version-
   CiscoCatalyst 3850-48xs-f-s Version-
   CiscoCatalyst 3850-48xs-s Version-
   CiscoCatalyst C3850-12x48u-e Version-
   CiscoCatalyst C3850-12x48u-l Version-
   CiscoCatalyst C3850-12x48u-s Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.26% 0.488
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.4 2.8 4
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
nvd@nist.gov 6.1 6.5 6.9
AV:A/AC:L/Au:N/C:N/I:N/A:C
CWE-772 Missing Release of Resource after Effective Lifetime

The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.

http://www.securityfocus.com/bid/103568
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1040592
Third Party Advisory
VDB Entry