ID

VAR-201803-1382


CVE

CVE-2018-0164


TITLE

Cisco IOS XE Software resource management vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-003568

DESCRIPTION

A vulnerability in the Switch Integrated Security Features of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an interface queue wedge. The vulnerability is due to incorrect handling of crafted IPv6 packets. An attacker could exploit this vulnerability by sending crafted IPv6 packets through the device. An exploit could allow the attacker to cause an interface queue wedge. This vulnerability affects the Cisco cBR-8 Converged Broadband Router, Cisco ASR 1000 Series Aggregation Services Routers, and Cisco Cloud Services Router 1000V Series when configured with IPv6. In the field and internal testing, this vulnerability was only observed or reproduced on the Cisco cBR-8 Converged Broadband Router. The Cisco ASR 1000 Series Aggregation Services Routers and Cisco Cloud Services Router 1000V Series contain the same code logic, so affected trains have had the code fix applied; however, on these two products, the vulnerability has not been observed in the field or successfully reproduced internally. Cisco Bug IDs: CSCvd75185. Cisco IOS XE Software contains a resource management vulnerability. The vendor has confirmed this vulnerability and released it as Bug ID CSCvd75185. A service operation interruption (DoS) may result. Cisco IOS is the interconnected network operating system used on most Cisco Systems routers and network switches. The Switch Integrated Security Features of Cisco IOS XE Software contain a vulnerability in the handling of IPv6 packets; a remote attacker can exploit it by submitting special requests to cause a denial of service.

Trust: 2.52

sources: NVD: CVE-2018-0164 // JVNDB: JVNDB-2018-003568 // CNVD: CNVD-2018-08474 // BID: 103553 // VULHUB: VHN-118366

IOT TAXONOMY

category: Network device, sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-08474

AFFECTED PRODUCTS

vendor: cisco, model: ios xe, scope: eq, version: 15.6(2)sp

Trust: 1.6

vendor: cisco, model: ios xe, scope: -, version: -

Trust: 1.4

vendor: cisco, model: ios xe software, scope: eq, version: 0

Trust: 0.3

vendor: cisco, model: ios 15.6 sp, scope: -, version: -

Trust: 0.3

vendor: cisco, model: cloud services router series, scope: eq, version: 1000v0

Trust: 0.3

vendor: cisco, model: cbr-8 converged broadband router, scope: eq, version: 0

Trust: 0.3

vendor: cisco, model: asr series aggregation services routers, scope: eq, version: 10000

Trust: 0.3

sources: CNVD: CNVD-2018-08474 // BID: 103553 // JVNDB: JVNDB-2018-003568 // CNNVD: CNNVD-201803-1027 // NVD: CVE-2018-0164

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0164
value: HIGH

Trust: 1.0

NVD: CVE-2018-0164
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-08474
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201803-1027
value: HIGH

Trust: 0.6

VULHUB: VHN-118366
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-0164
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-08474
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-118366
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0164
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.0
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-08474 // VULHUB: VHN-118366 // JVNDB: JVNDB-2018-003568 // CNNVD: CNNVD-201803-1027 // NVD: CVE-2018-0164

PROBLEMTYPE DATA

problemtype: CWE-399

Trust: 1.9

problemtype: NVD-CWE-noinfo

Trust: 1.0

sources: VULHUB: VHN-118366 // JVNDB: JVNDB-2018-003568 // NVD: CVE-2018-0164

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201803-1027

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201803-1027

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-003568

PATCH

title: cisco-sa-20180328-sisf, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-sisf

Trust: 0.8

title: Patch for Cisco IOS XE Software Denial of Service Vulnerability (CNVD-2018-08474), url: https://www.cnvd.org.cn/patchInfo/show/127477

Trust: 0.6

title: Multiple Cisco product IOS XE Software Remediation of resource management error vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79495

Trust: 0.6

sources: CNVD: CNVD-2018-08474 // JVNDB: JVNDB-2018-003568 // CNNVD: CNNVD-201803-1027

EXTERNAL IDS

db: NVD, id: CVE-2018-0164

Trust: 3.4

db: BID, id: 103553

Trust: 2.0

db: JVNDB, id: JVNDB-2018-003568

Trust: 0.8

db: CNNVD, id: CNNVD-201803-1027

Trust: 0.7

db: CNVD, id: CNVD-2018-08474

Trust: 0.6

db: VULHUB, id: VHN-118366

Trust: 0.1

sources: CNVD: CNVD-2018-08474 // VULHUB: VHN-118366 // BID: 103553 // JVNDB: JVNDB-2018-003568 // CNNVD: CNNVD-201803-1027 // NVD: CVE-2018-0164

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180328-sisf

Trust: 2.0

url: http://www.securityfocus.com/bid/103553

Trust: 1.7

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0164

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2018-0164

Trust: 0.8

url: https://bst.cloudapps.cisco.com/bugsearch/bug/cscvd75185

Trust: 0.6

url: http://www.cisco.com/

Trust: 0.3

url: https://blogs.cisco.com/security/cisco_ios_queue_wedges_explained

Trust: 0.3

sources: CNVD: CNVD-2018-08474 // VULHUB: VHN-118366 // BID: 103553 // JVNDB: JVNDB-2018-003568 // CNNVD: CNNVD-201803-1027 // NVD: CVE-2018-0164

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 103553

SOURCES

db: CNVD, id: CNVD-2018-08474
db: VULHUB, id: VHN-118366
db: BID, id: 103553
db: JVNDB, id: JVNDB-2018-003568
db: CNNVD, id: CNNVD-201803-1027
db: NVD, id: CVE-2018-0164

LAST UPDATE DATE

2024-11-23T22:17:37.569000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2018-08474, date: 2018-04-26T00:00:00
db: VULHUB, id: VHN-118366, date: 2019-10-09T00:00:00
db: BID, id: 103553, date: 2018-03-28T00:00:00
db: JVNDB, id: JVNDB-2018-003568, date: 2018-05-28T00:00:00
db: CNNVD, id: CNNVD-201803-1027, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2018-0164, date: 2024-11-21T03:37:38.590

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2018-08474, date: 2018-04-26T00:00:00
db: VULHUB, id: VHN-118366, date: 2018-03-28T00:00:00
db: BID, id: 103553, date: 2018-03-28T00:00:00
db: JVNDB, id: JVNDB-2018-003568, date: 2018-05-28T00:00:00
db: CNNVD, id: CNNVD-201803-1027, date: 2018-03-29T00:00:00
db: NVD, id: CVE-2018-0164, date: 2018-03-28T22:29:00.797