Sign-up

ID

VAR-201802-0599


CVE

CVE-2018-0132


TITLE

Cisco IOS XR Software Buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-002224

DESCRIPTION

A vulnerability in the forwarding information base (FIB) code of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause inconsistency between the routing information base (RIB) and the FIB, resulting in a denial of service (DoS) condition. The vulnerability is due to incorrect processing of extremely long routing updates. An attacker could exploit this vulnerability by sending a large routing update. A successful exploit could allow the attacker to trigger inconsistency between the FIB and the RIB, resulting in a DoS condition. Cisco Bug IDs: CSCus84718. Cisco IOS XR Software Contains a buffer error vulnerability. Vendors have confirmed this vulnerability Bug ID CSCus84718 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. Cisco IOSXR Software is a fully modular, distributed network operating system from Cisco's IOS software family, including IOST, IOSS, and IOSXR. Attackers can exploit this issue to cause the denial-of-service conditions

Trust: 2.52

sources: NVD: CVE-2018-0132 // JVNDB: JVNDB-2018-002224 // CNVD: CNVD-2018-05304 // BID: 102975 // VULHUB: VHN-118334

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-05304

AFFECTED PRODUCTS

vendor:ciscomodel:carrier routing systemscope:eqversion:5.3.0.rout

Trust: 1.6

vendor:ciscomodel:carrier routing systemscope: - version: -

Trust: 0.8

vendor:ciscomodel:ios xr softwarescope: - version: -

Trust: 0.6

vendor:ciscomodel:ios xr softwarescope:eqversion:5.3

Trust: 0.3

vendor:ciscomodel:ios xr softwarescope:eqversion:5.2.2

Trust: 0.3

vendor:ciscomodel:ios xr softwarescope:eqversion:5.2.1

Trust: 0.3

vendor:ciscomodel:ios xr softwarescope:eqversion:5.2

Trust: 0.3

sources: CNVD: CNVD-2018-05304 // BID: 102975 // JVNDB: JVNDB-2018-002224 // CNNVD: CNNVD-201802-269 // NVD: CVE-2018-0132

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0132
value: HIGH

Trust: 1.0

NVD: CVE-2018-0132
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-05304
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201802-269
value: HIGH

Trust: 0.6

VULHUB: VHN-118334
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-0132
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-05304
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-118334
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0132
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.0
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-05304 // VULHUB: VHN-118334 // JVNDB: JVNDB-2018-002224 // CNNVD: CNNVD-201802-269 // NVD: CVE-2018-0132

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-118334 // JVNDB: JVNDB-2018-002224 // NVD: CVE-2018-0132

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201802-269

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201802-269

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-002224

PATCH
title:cisco-sa-20180207-iosxrurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-iosxr
Trust: 0.8
title:Patch for CiscoIOSXRSoftware Denial of Service Vulnerability (CNVD-2018-05304)url:https://www.cnvd.org.cn/patchInfo/show/121511
Trust: 0.6
title:Cisco IOS XR Software Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=78381
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-05304 // 
            
            
            
            JVNDB: JVNDB-2018-002224 // 
            
            
            
            CNNVD: CNNVD-201802-269

EXTERNAL IDS
db:NVDid:CVE-2018-0132
Trust: 3.4
db:BIDid:102975
Trust: 2.6
db:SECTRACKid:1040344
Trust: 2.3
db:JVNDBid:JVNDB-2018-002224
Trust: 0.8
db:CNNVDid:CNNVD-201802-269
Trust: 0.7
db:CNVDid:CNVD-2018-05304
Trust: 0.6
db:VULHUBid:VHN-118334
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-05304 // 
            
            
            
            VULHUB: VHN-118334 // 
            
            
            
            BID: 102975 // 
            
            
            
            JVNDB: JVNDB-2018-002224 // 
            
            
            
            CNNVD: CNNVD-201802-269 // 
            
            
            
            NVD: CVE-2018-0132

REFERENCES
url:http://www.securityfocus.com/bid/102975
Trust: 2.3
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180207-iosxr
Trust: 2.0
url:http://www.securitytracker.com/id/1040344
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0132
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0132
Trust: 0.8
url:https://securitytracker.com/id/1040344
Trust: 0.6
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2018-05304 // 
            
            
            
            VULHUB: VHN-118334 // 
            
            
            
            BID: 102975 // 
            
            
            
            JVNDB: JVNDB-2018-002224 // 
            
            
            
            CNNVD: CNNVD-201802-269 // 
            
            
            
            NVD: CVE-2018-0132

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 102975

SOURCES
db:CNVDid:CNVD-2018-05304
db:VULHUBid:VHN-118334
db:BIDid:102975
db:JVNDBid:JVNDB-2018-002224
db:CNNVDid:CNNVD-201802-269
db:NVDid:CVE-2018-0132

LAST UPDATE DATE
2024-11-23T23:12:15.086000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-05304date:2018-03-15T00:00:00
db:VULHUBid:VHN-118334date:2019-10-09T00:00:00
db:BIDid:102975date:2018-02-07T00:00:00
db:JVNDBid:JVNDB-2018-002224date:2018-04-03T00:00:00
db:CNNVDid:CNNVD-201802-269date:2019-10-17T00:00:00
db:NVDid:CVE-2018-0132date:2024-11-21T03:37:35.120

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-05304date:2018-03-15T00:00:00
db:VULHUBid:VHN-118334date:2018-02-08T00:00:00
db:BIDid:102975date:2018-02-07T00:00:00
db:JVNDBid:JVNDB-2018-002224date:2018-04-03T00:00:00
db:CNNVDid:CNNVD-201802-269date:2018-02-09T00:00:00
db:NVDid:CVE-2018-0132date:2018-02-08T07:29:00.790