Details of VAR-201803-1379

ID

VAR-201803-1379

CVE

CVE-2018-0160

TITLE

Cisco IOS Double release vulnerability in software

Trust: 0.8

sources: JVNDB: JVNDB-2018-003522

DESCRIPTION

A vulnerability in Simple Network Management Protocol (SNMP) subsystem of Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper management of memory resources, referred to as a double free. An attacker could exploit this vulnerability by sending crafted SNMP packets to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. To exploit this vulnerability via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for an affected system. To exploit this vulnerability via SNMP Version 3, the attacker must know the user credentials for the affected system. This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS XE Software, have been configured to be queried over SNMP, and have Network Address Translation (NAT) enabled. Cisco Bug IDs: CSCve75818. Vendors have confirmed this vulnerability Cisco Bug ID : CSCve75818 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. Simple Network Management Protocol (SNMP) subsystem is one of the simple network management subsystems used for network device management information exchange

Trust: 1.98

sources: NVD: CVE-2018-0160 // JVNDB: JVNDB-2018-003522 // BID: 103575 // VULHUB: VHN-118362

AFFECTED PRODUCTS

vendor:	cisco	model:	ios xe	scope:	eq	version:	15.5\(3\)s	Trust: 1.6
vendor:	cisco	model:	ios	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	ios xe software	scope:	eq	version:	0	Trust: 0.3

sources: BID: 103575 // JVNDB: JVNDB-2018-003522 // CNNVD: CNNVD-201803-1030 // NVD: CVE-2018-0160

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-0160
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-0160
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201803-1030
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-118362
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-0160
severity:	MEDIUM
baseScore:	6.3
vectorString:	AV:N/AC:M/AU:S/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.8
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-118362
severity:	MEDIUM
baseScore:	6.3
vectorString:	AV:N/AC:M/AU:S/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.8
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-0160
baseSeverity:	MEDIUM
baseScore:	6.3
vectorString:	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	LOW
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	4.0
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-118362 // JVNDB: JVNDB-2018-003522 // CNNVD: CNNVD-201803-1030 // NVD: CVE-2018-0160

PROBLEMTYPE DATA

problemtype:

CWE-415

Trust: 1.9

sources: VULHUB: VHN-118362 // JVNDB: JVNDB-2018-003522 // NVD: CVE-2018-0160

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201803-1030

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201803-1030

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-003522

PATCH

title:	cisco-sa-20180328-snmp-dos	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-snmp-dos	Trust: 0.8
title:	Cisco IOS XE Software Simple Network Management Protocol Subsystem security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79498	Trust: 0.6

sources: JVNDB: JVNDB-2018-003522 // CNNVD: CNNVD-201803-1030

EXTERNAL IDS

db:	NVD	id:	CVE-2018-0160	Trust: 2.8
db:	BID	id:	103575	Trust: 2.0
db:	SECTRACK	id:	1040584	Trust: 1.7
db:	JVNDB	id:	JVNDB-2018-003522	Trust: 0.8
db:	CNNVD	id:	CNNVD-201803-1030	Trust: 0.7
db:	VULHUB	id:	VHN-118362	Trust: 0.1

sources: VULHUB: VHN-118362 // BID: 103575 // JVNDB: JVNDB-2018-003522 // CNNVD: CNNVD-201803-1030 // NVD: CVE-2018-0160

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180328-snmp-dos	Trust: 2.0
url:	http://www.securityfocus.com/bid/103575	Trust: 1.7
url:	http://www.securitytracker.com/id/1040584	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0160	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-0160	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-118362 // BID: 103575 // JVNDB: JVNDB-2018-003522 // CNNVD: CNNVD-201803-1030 // NVD: CVE-2018-0160

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 103575

SOURCES

db:	VULHUB	id:	VHN-118362
db:	BID	id:	103575
db:	JVNDB	id:	JVNDB-2018-003522
db:	CNNVD	id:	CNNVD-201803-1030
db:	NVD	id:	CVE-2018-0160

LAST UPDATE DATE

2024-11-23T23:02:11.951000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-118362	date:	2019-10-09T00:00:00
db:	BID	id:	103575	date:	2018-03-28T00:00:00
db:	JVNDB	id:	JVNDB-2018-003522	date:	2018-05-25T00:00:00
db:	CNNVD	id:	CNNVD-201803-1030	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2018-0160	date:	2024-11-21T03:37:38.200

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-118362	date:	2018-03-28T00:00:00
db:	BID	id:	103575	date:	2018-03-28T00:00:00
db:	JVNDB	id:	JVNDB-2018-003522	date:	2018-05-25T00:00:00
db:	CNNVD	id:	CNNVD-201803-1030	date:	2018-03-29T00:00:00
db:	NVD	id:	CVE-2018-0160	date:	2018-03-28T22:29:00.657