Details of VAR-201803-1386

ID

VAR-201803-1386

CVE

CVE-2018-0170

TITLE

Cisco IOS XE Vulnerability in using freed memory in software

Trust: 0.8

sources: JVNDB: JVNDB-2018-003570

DESCRIPTION

A vulnerability in the Cisco Umbrella Integration feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition, related to the OpenDNS software. The vulnerability is due to a logic error that exists when handling a malformed incoming packet, leading to access to an internal data structure after it has been freed. An attacker could exploit this vulnerability by sending crafted, malformed IP packets to an affected device. A successful exploit could allow the attacker to cause an affected device to reload, resulting in a DoS condition. Cisco Bug IDs: CSCvb86327. Vendors have confirmed this vulnerability Bug ID CSCvb86327 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state

Trust: 1.98

sources: NVD: CVE-2018-0170 // JVNDB: JVNDB-2018-003570 // BID: 103560 // VULHUB: VHN-118372

AFFECTED PRODUCTS

vendor:	cisco	model:	ios xe	scope:	eq	version:	16.4.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.4\(1\)	Trust: 0.6
vendor:	cisco	model:	ios xe software	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	ios	scope:	eq	version:	16.4(1)	Trust: 0.3

sources: BID: 103560 // JVNDB: JVNDB-2018-003570 // CNNVD: CNNVD-201803-1023 // NVD: CVE-2018-0170

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-0170
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-0170
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201803-1023
value:	HIGH
Trust: 0.6
VULHUB:	VHN-118372
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2018-0170
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-118372
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-0170
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2018-0170
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-118372 // JVNDB: JVNDB-2018-003570 // CNNVD: CNNVD-201803-1023 // NVD: CVE-2018-0170

PROBLEMTYPE DATA

problemtype:

CWE-416

Trust: 1.9

sources: VULHUB: VHN-118372 // JVNDB: JVNDB-2018-003570 // NVD: CVE-2018-0170

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201803-1023

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201803-1023

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-003570

PATCH

title:	cisco-sa-20180328-opendns-dos	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-opendns-dos	Trust: 0.8
title:	Cisco IOS XE Software Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79491	Trust: 0.6

sources: JVNDB: JVNDB-2018-003570 // CNNVD: CNNVD-201803-1023

EXTERNAL IDS

db:	NVD	id:	CVE-2018-0170	Trust: 2.8
db:	BID	id:	103560	Trust: 2.0
db:	SECTRACK	id:	1040590	Trust: 1.7
db:	JVNDB	id:	JVNDB-2018-003570	Trust: 0.8
db:	CNNVD	id:	CNNVD-201803-1023	Trust: 0.7
db:	VULHUB	id:	VHN-118372	Trust: 0.1

sources: VULHUB: VHN-118372 // BID: 103560 // JVNDB: JVNDB-2018-003570 // CNNVD: CNNVD-201803-1023 // NVD: CVE-2018-0170

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180328-opendns-dos	Trust: 2.0
url:	http://www.securityfocus.com/bid/103560	Trust: 1.7
url:	http://www.securitytracker.com/id/1040590	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0170	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-0170	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-118372 // BID: 103560 // JVNDB: JVNDB-2018-003570 // CNNVD: CNNVD-201803-1023 // NVD: CVE-2018-0170

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 103560

SOURCES

db:	VULHUB	id:	VHN-118372
db:	BID	id:	103560
db:	JVNDB	id:	JVNDB-2018-003570
db:	CNNVD	id:	CNNVD-201803-1023
db:	NVD	id:	CVE-2018-0170

LAST UPDATE DATE

2024-11-23T22:06:57.951000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-118372	date:	2019-12-03T00:00:00
db:	BID	id:	103560	date:	2018-03-28T00:00:00
db:	JVNDB	id:	JVNDB-2018-003570	date:	2018-05-28T00:00:00
db:	CNNVD	id:	CNNVD-201803-1023	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2018-0170	date:	2024-11-21T03:37:39.147

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-118372	date:	2018-03-28T00:00:00
db:	BID	id:	103560	date:	2018-03-28T00:00:00
db:	JVNDB	id:	JVNDB-2018-003570	date:	2018-05-28T00:00:00
db:	CNNVD	id:	CNNVD-201803-1023	date:	2018-03-29T00:00:00
db:	NVD	id:	CVE-2018-0170	date:	2018-03-28T22:29:01.017