7.1

CVE-2018-0189

A vulnerability in the Forwarding Information Base (FIB) code of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, network attacker to cause a denial of service (DoS) condition. The vulnerability is due to a limitation in the way the FIB is internally representing recursive routes. An attacker could exploit this vulnerability by injecting routes into the routing protocol that have a specific recursive pattern. The attacker must be in a position on the network that provides the ability to inject a number of recursive routes with a specific pattern. An exploit could allow the attacker to cause an affected device to reload, creating a DoS condition. Cisco Bug IDs: CSCva91655.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CiscoIos Xe Version < 15.5\(3\)s5
CiscoIos Xe Version < 15.5\(3\)m5
CiscoIos Xe Version < 15.4\(3\)s7
CiscoIos Xe Version < 15.4\(2\)s1
CiscoIos Xe Version < 15.4\(1\)s1
CiscoIos Xe Version < 15.4\(1\)s0a
CiscoIos Xe Version < 15.2\(5\)e1
CiscoIos Xe Version < 15.2\(4\)e5
CiscoIos Xe Version < 15.2\(2\)e1
CiscoIos Xe Version < 15.2\(1\)e1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.34% 0.534
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.3 1.6 3.6
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 7.1 8.6 6.9
AV:N/AC:M/Au:N/C:N/I:N/A:C
http://www.securityfocus.com/bid/103548
Third Party Advisory
VDB Entry