Sign-up

ID

VAR-201803-1373


CVE

CVE-2018-0154


TITLE

Cisco IOS Software resource management vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-003425

DESCRIPTION

A vulnerability in the crypto engine of the Cisco Integrated Services Module for VPN (ISM-VPN) running Cisco IOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient handling of VPN traffic by the affected device. An attacker could exploit this vulnerability by sending crafted VPN traffic to an affected device. A successful exploit could allow the attacker to cause the affected device to hang or crash, resulting in a DoS condition. Cisco Bug IDs: CSCvd39267. Cisco IOS The software contains a resource management vulnerability. Vendors have confirmed this vulnerability Bug ID CSCvd39267 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. Crypto engine is one of the encryption engines

Trust: 2.07

sources: NVD: CVE-2018-0154 // JVNDB: JVNDB-2018-003425 // BID: 103559 // VULHUB: VHN-118356 // VULMON: CVE-2018-0154

AFFECTED PRODUCTS

vendor:ciscomodel:iosscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:iosscope: - version: -

Trust: 0.8

vendor:ciscomodel:ios softwarescope:eqversion:0

Trust: 0.3

vendor:ciscomodel:integrated services module for vpnscope:eqversion:0

Trust: 0.3

sources: BID: 103559 // JVNDB: JVNDB-2018-003425 // CNNVD: CNNVD-201803-1036 // NVD: CVE-2018-0154

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0154
value: HIGH

Trust: 1.0

NVD: CVE-2018-0154
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201803-1036
value: HIGH

Trust: 0.6

VULHUB: VHN-118356
value: HIGH

Trust: 0.1

VULMON: CVE-2018-0154
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-0154
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-118356
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0154
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2018-0154
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-118356 // VULMON: CVE-2018-0154 // JVNDB: JVNDB-2018-003425 // CNNVD: CNNVD-201803-1036 // NVD: CVE-2018-0154

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.9

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: VULHUB: VHN-118356 // JVNDB: JVNDB-2018-003425 // NVD: CVE-2018-0154

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201803-1036

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201803-1036

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-003425

PATCH
title:cisco-sa-20180328-dosurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-dos
Trust: 0.8
title:Cisco IOS Software Integrated Services Module for VPN crypto Fixes for engine resource management error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79504
Trust: 0.6
title:Cisco: Cisco IOS Software Integrated Services Module for VPN Denial of Service Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20180328-dos
Trust: 0.1
title:Known Exploited Vulnerabilities Detectorurl:https://github.com/Ostorlab/KEV 
Trust: 0.1
sources:
            
            
            VULMON: CVE-2018-0154 // 
            
            
            
            JVNDB: JVNDB-2018-003425 // 
            
            
            
            CNNVD: CNNVD-201803-1036

EXTERNAL IDS
db:NVDid:CVE-2018-0154
Trust: 2.9
db:BIDid:103559
Trust: 2.1
db:SECTRACKid:1040585
Trust: 1.8
db:JVNDBid:JVNDB-2018-003425
Trust: 0.8
db:CNNVDid:CNNVD-201803-1036
Trust: 0.7
db:VULHUBid:VHN-118356
Trust: 0.1
db:VULMONid:CVE-2018-0154
Trust: 0.1
sources:
            
            
            VULHUB: VHN-118356 // 
            
            
            
            VULMON: CVE-2018-0154 // 
            
            
            
            BID: 103559 // 
            
            
            
            JVNDB: JVNDB-2018-003425 // 
            
            
            
            CNNVD: CNNVD-201803-1036 // 
            
            
            
            NVD: CVE-2018-0154

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180328-dos
Trust: 2.2
url:http://www.securityfocus.com/bid/103559
Trust: 1.9
url:http://www.securitytracker.com/id/1040585
Trust: 1.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0154
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0154
Trust: 0.8
url:http://www.cisco.com
Trust: 0.3
url:http://www.cisco.com/en/us/products/sw/iosswrel/products_ios_cisco_ios_software_category_home.html
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://github.com/ostorlab/kev
Trust: 0.1
sources:
            
            
            VULHUB: VHN-118356 // 
            
            
            
            VULMON: CVE-2018-0154 // 
            
            
            
            BID: 103559 // 
            
            
            
            JVNDB: JVNDB-2018-003425 // 
            
            
            
            CNNVD: CNNVD-201803-1036 // 
            
            
            
            NVD: CVE-2018-0154

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 103559

SOURCES
db:VULHUBid:VHN-118356
db:VULMONid:CVE-2018-0154
db:BIDid:103559
db:JVNDBid:JVNDB-2018-003425
db:CNNVDid:CNNVD-201803-1036
db:NVDid:CVE-2018-0154

LAST UPDATE DATE
2024-11-23T22:26:26.772000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-118356date:2019-10-09T00:00:00
db:VULMONid:CVE-2018-0154date:2019-10-09T00:00:00
db:BIDid:103559date:2018-03-28T00:00:00
db:JVNDBid:JVNDB-2018-003425date:2018-05-23T00:00:00
db:CNNVDid:CNNVD-201803-1036date:2019-10-17T00:00:00
db:NVDid:CVE-2018-0154date:2024-11-21T03:37:37.330

SOURCES RELEASE DATE
db:VULHUBid:VHN-118356date:2018-03-28T00:00:00
db:VULMONid:CVE-2018-0154date:2018-03-28T00:00:00
db:BIDid:103559date:2018-03-28T00:00:00
db:JVNDBid:JVNDB-2018-003425date:2018-05-23T00:00:00
db:CNNVDid:CNNVD-201803-1036date:2018-03-29T00:00:00
db:NVDid:CVE-2018-0154date:2018-03-28T22:29:00.373