ID

VAR-201803-1383


CVE

CVE-2018-0165


TITLE

Cisco IOS XE Software resource management vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-003520

DESCRIPTION

A vulnerability in the Internet Group Management Protocol (IGMP) packet-processing functionality of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to exhaust buffers on an affected device, resulting in a denial of service (DoS) condition, aka a Memory Leak. The vulnerability is due to the affected software insufficiently processing IGMP Membership Query packets that are sent to an affected device. An attacker could exploit this vulnerability by sending a large number of IGMP Membership Query packets, which contain certain values, to an affected device. A successful exploit could allow the attacker to exhaust buffers on the affected device, resulting in a DoS condition that requires the device to be reloaded manually. This vulnerability affects: Cisco Catalyst 4500 Switches with Supervisor Engine 8-E, if they are running Cisco IOS XE Software Release 3.x.x.E and IP multicast routing is configured; Cisco devices that are running Cisco IOS XE Software Release 16.x, if IP multicast routing is configured. Cisco Bug IDs: CSCuw09295, CSCve94496. The vendor has confirmed this vulnerability and released it as Bug IDs CSCuw09295 and CSCve94496. It may result in a service operation interruption (DoS) condition. The Cisco Catalyst 4500 Switches with Supervisor Engine 8-E is a switch from Cisco. IOS XE Software is an operating system that runs on Cisco network devices. A resource management error vulnerability exists in the Internet Group Management Protocol (IGMP) packet processing feature in Cisco IOS XE Software, which stems from a failure of the program to adequately process IGMP Membership Query packets.

Trust: 2.61

sources: NVD: CVE-2018-0165 // JVNDB: JVNDB-2018-003520 // CNVD: CNVD-2018-07303 // BID: 103568 // VULHUB: VHN-118367 // VULMON: CVE-2018-0165

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-07303

AFFECTED PRODUCTS

vendor: cisco, model: ios xe, scope: eq, version: denali-16.3.3

Trust: 1.6

vendor: cisco, model: ios xe, scope: eq, version: 15.2(3)e

Trust: 1.6

vendor: cisco, model: ios, scope: -, version: -

Trust: 0.8

vendor: cisco, model: ios xe software, scope: eq, version: 16.*

Trust: 0.6

vendor: cisco, model: ios xe software, scope: eq, version: 0

Trust: 0.3

vendor: cisco, model: catalyst series switches 15.2 e, scope: eq, version: 4000

Trust: 0.3

vendor: cisco, model: catalyst series switches, scope: eq, version: 385016.3(0.71)

Trust: 0.3

sources: CNVD: CNVD-2018-07303 // BID: 103568 // JVNDB: JVNDB-2018-003520 // CNNVD: CNNVD-201803-1026 // NVD: CVE-2018-0165

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0165
value: HIGH

Trust: 1.0

NVD: CVE-2018-0165
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-07303
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201803-1026
value: HIGH

Trust: 0.6

VULHUB: VHN-118367
value: MEDIUM

Trust: 0.1

VULMON: CVE-2018-0165
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-0165
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2018-07303
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-118367
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0165
baseSeverity: HIGH
baseScore: 7.4
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 4.0
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-07303 // VULHUB: VHN-118367 // VULMON: CVE-2018-0165 // JVNDB: JVNDB-2018-003520 // CNNVD: CNNVD-201803-1026 // NVD: CVE-2018-0165

PROBLEMTYPE DATA

problemtype: CWE-399

Trust: 1.9

problemtype: CWE-772

Trust: 1.1

sources: VULHUB: VHN-118367 // JVNDB: JVNDB-2018-003520 // NVD: CVE-2018-0165

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201803-1026

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201803-1026

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-003520

PATCH

title: cisco-sa-20180328-igmp, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-igmp

Trust: 0.8

title: Patch for Cisco IOSXESoftware Denial of Service Vulnerability (CNVD-2018-07303), url: https://www.cnvd.org.cn/patchInfo/show/125165

Trust: 0.6

title: Cisco IOS XE Software Remediation of resource management error vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79494

Trust: 0.6

title: Cisco: Cisco IOS XE Software Internet Group Management Protocol Memory Leak Vulnerability, url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20180328-igmp

Trust: 0.1

sources: CNVD: CNVD-2018-07303 // VULMON: CVE-2018-0165 // JVNDB: JVNDB-2018-003520 // CNNVD: CNNVD-201803-1026

EXTERNAL IDS

db: NVD, id: CVE-2018-0165

Trust: 3.5

db: BID, id: 103568

Trust: 2.7

db: SECTRACK, id: 1040592

Trust: 1.8

db: JVNDB, id: JVNDB-2018-003520

Trust: 0.8

db: CNNVD, id: CNNVD-201803-1026

Trust: 0.7

db: CNVD, id: CNVD-2018-07303

Trust: 0.6

db: VULHUB, id: VHN-118367

Trust: 0.1

db: VULMON, id: CVE-2018-0165

Trust: 0.1

sources: CNVD: CNVD-2018-07303 // VULHUB: VHN-118367 // VULMON: CVE-2018-0165 // BID: 103568 // JVNDB: JVNDB-2018-003520 // CNNVD: CNNVD-201803-1026 // NVD: CVE-2018-0165

REFERENCES

url: http://www.securityfocus.com/bid/103568

Trust: 2.5

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180328-igmp

Trust: 2.2

url: http://www.securitytracker.com/id/1040592

Trust: 1.8

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0165

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2018-0165

Trust: 0.8

url: http://www.cisco.com/

Trust: 0.3

url: http://www.cisco.com/c/en/us/products/ios-nx-os-software/ios-xe/index.html

Trust: 0.3

url: https://cwe.mitre.org/data/definitions/772.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2018-07303 // VULHUB: VHN-118367 // VULMON: CVE-2018-0165 // BID: 103568 // JVNDB: JVNDB-2018-003520 // CNNVD: CNNVD-201803-1026 // NVD: CVE-2018-0165

CREDITS

Cisco

Trust: 0.3

sources: BID: 103568

SOURCES

db: CNVD, id: CNVD-2018-07303
db: VULHUB, id: VHN-118367
db: VULMON, id: CVE-2018-0165
db: BID, id: 103568
db: JVNDB, id: JVNDB-2018-003520
db: CNNVD, id: CNNVD-201803-1026
db: NVD, id: CVE-2018-0165

LAST UPDATE DATE

2024-11-23T22:55:59.307000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2018-07303, date: 2018-04-10T00:00:00
db: VULHUB, id: VHN-118367, date: 2019-10-09T00:00:00
db: VULMON, id: CVE-2018-0165, date: 2019-10-09T00:00:00
db: BID, id: 103568, date: 2018-03-28T00:00:00
db: JVNDB, id: JVNDB-2018-003520, date: 2018-05-25T00:00:00
db: CNNVD, id: CNNVD-201803-1026, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2018-0165, date: 2024-11-21T03:37:38.727

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2018-07303, date: 2018-04-10T00:00:00
db: VULHUB, id: VHN-118367, date: 2018-03-28T00:00:00
db: VULMON, id: CVE-2018-0165, date: 2018-03-28T00:00:00
db: BID, id: 103568, date: 2018-03-28T00:00:00
db: JVNDB, id: JVNDB-2018-003520, date: 2018-05-25T00:00:00
db: CNNVD, id: CNNVD-201803-1026, date: 2018-03-29T00:00:00
db: NVD, id: CVE-2018-0165, date: 2018-03-28T22:29:00.860