Details of VAR-201802-0611

ID

VAR-201802-0611

CVE

CVE-2018-0117

TITLE

Cisco Virtualized Packet Core-Distributed Instance Software input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-002227

DESCRIPTION

A vulnerability in the ingress packet processing functionality of the Cisco Virtualized Packet Core-Distributed Instance (VPC-DI) Software could allow an unauthenticated, remote attacker to cause both control function (CF) instances on an affected system to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient handling of user-supplied data by the affected software. An attacker could exploit this vulnerability by sending malicious traffic to the internal distributed instance (DI) network address on an affected system. A successful exploit could allow the attacker to cause an unhandled error condition on the affected system, which would cause the CF instances to reload and consequently cause the entire VPC to reload, resulting in the disconnection of all subscribers and a DoS condition on the affected system. This vulnerability affects Cisco Virtualized Packet Core-Distributed Instance (VPC-DI) Software N4.0 through N5.5 with the Cisco StarOS operating system 19.2 through 21.3. Cisco Bug IDs: CSCve17656. Vendors have confirmed this vulnerability Bug ID CSCve17656 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state

Trust: 1.98

sources: NVD: CVE-2018-0117 // JVNDB: JVNDB-2018-002227 // BID: 102970 // VULHUB: VHN-118319

AFFECTED PRODUCTS

vendor:	cisco	model:	asr 5500	scope:	eq	version:	21.1.v0.66836	Trust: 1.6
vendor:	cisco	model:	asr 5000	scope:	eq	version:	21.6.0	Trust: 1.6
vendor:	cisco	model:	asr 5000	scope:	eq	version:	21.3.0	Trust: 1.6
vendor:	cisco	model:	asr 5500	scope:	eq	version:	21.6.0	Trust: 1.6
vendor:	cisco	model:	asr 5000	scope:	eq	version:	21.1.v7	Trust: 1.6
vendor:	cisco	model:	asr 5000	scope:	eq	version:	21.1.v0.66836	Trust: 1.6
vendor:	cisco	model:	asr 5500	scope:	eq	version:	21.3.0	Trust: 1.6
vendor:	cisco	model:	asr 5500	scope:	eq	version:	21.1.v7	Trust: 1.6
vendor:	cisco	model:	asr 5000	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	asr 5500	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	virtualized packet core-distributed instance software n5.5	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	virtualized packet core-distributed instance software n5.1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	virtualized packet core-distributed instance software n5.0	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	virtualized packet core-distributed instance software n4.7	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	virtualized packet core-distributed instance software n4.6	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	virtualized packet core-distributed instance software n4.5	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	virtualized packet core-distributed instance software n4.2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	virtualized packet core-distributed instance software n4.0	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	staros	scope:	eq	version:	21.3	Trust: 0.3
vendor:	cisco	model:	staros	scope:	eq	version:	21.1	Trust: 0.3
vendor:	cisco	model:	staros	scope:	eq	version:	21.0	Trust: 0.3
vendor:	cisco	model:	staros	scope:	eq	version:	20.2	Trust: 0.3
vendor:	cisco	model:	staros	scope:	eq	version:	20.1	Trust: 0.3
vendor:	cisco	model:	staros	scope:	eq	version:	20.0	Trust: 0.3
vendor:	cisco	model:	staros	scope:	eq	version:	19.3	Trust: 0.3
vendor:	cisco	model:	staros	scope:	eq	version:	19.2	Trust: 0.3
vendor:	cisco	model:	asr series	scope:	eq	version:	50000	Trust: 0.3
vendor:	cisco	model:	virtualized packet core-distributed instance software n5.1.9	scope:	ne	version:	-	Trust: 0.3

sources: BID: 102970 // JVNDB: JVNDB-2018-002227 // CNNVD: CNNVD-201802-278 // NVD: CVE-2018-0117

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-0117
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-0117
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201802-278
value:	HIGH
Trust: 0.6
VULHUB:	VHN-118319
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2018-0117
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-118319
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-0117
baseSeverity:	HIGH
baseScore:	8.6
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	4.0
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-118319 // JVNDB: JVNDB-2018-002227 // CNNVD: CNNVD-201802-278 // NVD: CVE-2018-0117

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-118319 // JVNDB: JVNDB-2018-002227 // NVD: CVE-2018-0117

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201802-278

TYPE

Input Validation Error

Trust: 0.9

sources: BID: 102970 // CNNVD: CNNVD-201802-278

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-002227

PATCH

title:	cisco-sa-20180207-vpcdi	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-vpcdi	Trust: 0.8
title:	Cisco Virtualized Packet Core-Distributed Instance Software Cisco StarOS Operating system security vulnerability Repair measures	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=78389	Trust: 0.6

sources: JVNDB: JVNDB-2018-002227 // CNNVD: CNNVD-201802-278

EXTERNAL IDS

db:	NVD	id:	CVE-2018-0117	Trust: 2.8
db:	BID	id:	102970	Trust: 2.0
db:	JVNDB	id:	JVNDB-2018-002227	Trust: 0.8
db:	CNNVD	id:	CNNVD-201802-278	Trust: 0.7
db:	VULHUB	id:	VHN-118319	Trust: 0.1

sources: VULHUB: VHN-118319 // BID: 102970 // JVNDB: JVNDB-2018-002227 // CNNVD: CNNVD-201802-278 // NVD: CVE-2018-0117

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180207-vpcdi	Trust: 2.0
url:	http://www.securityfocus.com/bid/102970	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0117	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-0117	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-118319 // BID: 102970 // JVNDB: JVNDB-2018-002227 // CNNVD: CNNVD-201802-278 // NVD: CVE-2018-0117

CREDITS

Cisco

Trust: 0.3

sources: BID: 102970

SOURCES

db:	VULHUB	id:	VHN-118319
db:	BID	id:	102970
db:	JVNDB	id:	JVNDB-2018-002227
db:	CNNVD	id:	CNNVD-201802-278
db:	NVD	id:	CVE-2018-0117

LAST UPDATE DATE

2024-11-23T22:59:06.595000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-118319	date:	2019-10-09T00:00:00
db:	BID	id:	102970	date:	2018-02-07T00:00:00
db:	JVNDB	id:	JVNDB-2018-002227	date:	2018-04-03T00:00:00
db:	CNNVD	id:	CNNVD-201802-278	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2018-0117	date:	2024-11-21T03:37:33.370

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-118319	date:	2018-02-08T00:00:00
db:	BID	id:	102970	date:	2018-02-07T00:00:00
db:	JVNDB	id:	JVNDB-2018-002227	date:	2018-04-03T00:00:00
db:	CNNVD	id:	CNNVD-201802-278	date:	2018-02-09T00:00:00
db:	NVD	id:	CVE-2018-0117	date:	2018-02-08T07:29:00.320