CVE-2018-0174

Warnung

EPSS 5.61%
Veröffentlicht 28.03.2018 22:29:01
Zuletzt bearbeitet 27.01.2025 20:08:25
Quelle psirt@cisco.com
Teams Watchlist Login
Unerledigt Login

A vulnerability in the DHCP option 82 encapsulation functionality of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software performs incomplete input validation of option 82 information that it receives in DHCP Version 4 (DHCPv4) packets from DHCP relay agents. An attacker could exploit this vulnerability by sending a crafted DHCPv4 packet to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Cisco Bug IDs: CSCuh91645.

Betroffene Produkte Warnungen 1 Metriken 3 CWE 1 Referenzen 9

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cisco ≫ Ios Version12.2(33)sre7a

   Cisco ≫ 7600 Series Route Switch Processor 720 Version-
   Cisco ≫ 7600 Series Supervisor Engine 32 Version-
   Cisco ≫ 7600 Series Supervisor Engine 720 Version-

Cisco ≫ Ios Xe Version12.2(33)sre7a

   Cisco ≫ 7600 Series Route Switch Processor 720 Version-
   Cisco ≫ 7600 Series Supervisor Engine 32 Version-
   Cisco ≫ 7600 Series Supervisor Engine 720 Version-

Cisco ≫ Ios Version <= 15.2\(4a\)ea5

Rockwellautomation ≫ Allen-bradley Stratix 8300 Version-

Cisco ≫ Ios Xe Version <= 15.2\(4a\)ea5

Rockwellautomation ≫ Allen-bradley Stratix 8300 Version-

Cisco ≫ Ios Version <= 15.2\(6\)e0a

   Rockwellautomation ≫ Allen-bradley Armorstratix 5700 Version-
   Rockwellautomation ≫ Allen-bradley Stratix 5400 Version-
   Rockwellautomation ≫ Allen-bradley Stratix 5410 Version-
   Rockwellautomation ≫ Allen-bradley Stratix 5700 Version-
   Rockwellautomation ≫ Allen-bradley Stratix 8000 Version-

Cisco ≫ Ios Xe Version <= 15.2\(6\)e0a

03.03.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Cisco IOS Software and Cisco IOS XE Software Improper Input Validation Vulnerability

Schwachstelle

A vulnerability in the DHCP option 82 encapsulation functionality of Cisco IOS Software and Cisco IOS XE Software could allow for denial-of-service (DoS).

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	5.61%	0.9

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.6	3.9	4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
nvd@nist.gov	7.8	10	6.9	AV:N/AC:L/Au:N/C:N/I:N/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://ics-cert.us-cert.gov/advisories/ICSA-18-107-05

Third Party Advisory

US Government Resource

https://ics-cert.us-cert.gov/advisories/ICSA-18-107-04

Third Party Advisory

US Government Resource

http://www.securitytracker.com/id/1040591

Third Party Advisory

Broken Link

VDB Entry

https://www.tenable.com/security/research/tra-2018-06

Third Party Advisory