CVE-2018-0475

EPSS 0.35%
Veröffentlicht 05.10.2018 14:29:05
Zuletzt bearbeitet 21.11.2024 03:38:18
Quelle psirt@cisco.com
Teams Watchlist Login
Unerledigt Login

A vulnerability in the implementation of the cluster feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation when handling Cluster Management Protocol (CMP) messages. An attacker could exploit this vulnerability by sending a malicious CMP message to an affected device. A successful exploit could allow the attacker to cause the switch to crash and reload or to hang, resulting in a DoS condition. If the switch hangs it will not reboot automatically, and it will need to be power cycled manually to recover.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cisco ≫ Ios Version15.0(2.0.0)

Cisco ≫ Ios Xe Version15.0(2.0.0)

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.35%	0.568

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.4	2.8	4	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
nvd@nist.gov	6.1	6.5	6.9	AV:A/AC:L/Au:N/C:N/I:N/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.securitytracker.com/id/1041737

Third Party Advisory

VDB Entry

http://www.securityfocus.com/bid/105404

Third Party Advisory

VDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-cmp

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-0475

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-0475

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-0475

EUVD