8.6

CVE-2018-0174

Warnung
A vulnerability in the DHCP option 82 encapsulation functionality of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software performs incomplete input validation of option 82 information that it receives in DHCP Version 4 (DHCPv4) packets from DHCP relay agents. An attacker could exploit this vulnerability by sending a crafted DHCPv4 packet to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Cisco Bug IDs: CSCuh91645.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)

03.03.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Cisco IOS Software and Cisco IOS XE Software Improper Input Validation Vulnerability

Schwachstelle

A vulnerability in the DHCP option 82 encapsulation functionality of Cisco IOS Software and Cisco IOS XE Software could allow for denial-of-service (DoS).

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 7.61% 0.938
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.6 3.9 4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
nvd@nist.gov 7.8 10 6.9
AV:N/AC:L/Au:N/C:N/I:N/A:C
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.6 3.9 4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://ics-cert.us-cert.gov/advisories/ICSA-18-107-05
Third Party Advisory
US Government Resource
https://ics-cert.us-cert.gov/advisories/ICSA-18-107-04
Third Party Advisory
US Government Resource
http://www.securitytracker.com/id/1040591
Third Party Advisory
Broken Link
VDB Entry
https://www.tenable.com/security/research/tra-2018-06
Third Party Advisory
http://www.securityfocus.com/bid/103554
Third Party Advisory
Broken Link
VDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-dhcpr3
Vendor Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-0174
US Government Resource