Details of VAR-201803-1387

ID

VAR-201803-1387

CVE

CVE-2018-0171

TITLE

Cisco IOS Software and Cisco IOS XE Software buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-003296

DESCRIPTION

A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition, or to execute arbitrary code on an affected device. The vulnerability is due to improper validation of packet data. An attacker could exploit this vulnerability by sending a crafted Smart Install message to an affected device on TCP port 4786. A successful exploit could allow the attacker to cause a buffer overflow on the affected device, which could have the following impacts: Triggering a reload of the device, Allowing the attacker to execute arbitrary code on the device, Causing an indefinite loop on the affected device that triggers a watchdog crash. Cisco Bug IDs: CSCvg76186. Cisco IOS Software and Cisco IOS XE The software contains a buffer error vulnerability and an input validation vulnerability. Vendors have confirmed this vulnerability Bug ID CSCvg76186 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. As a plug-and-play configuration and image management function, SmartInstall provides zero-configuration deployment for newly-joined switches, auto-initial configuration and operating system image loading, and configuration file backup. Successfully exploiting this issue may allow remote attackers to execute arbitrary code. Failed attempts will likely result in denial-of-service conditions

Trust: 2.61

sources: NVD: CVE-2018-0171 // JVNDB: JVNDB-2018-003296 // CNVD: CNVD-2018-06774 // BID: 103538 // VULHUB: VHN-118373 // VULMON: CVE-2018-0171

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2018-06774

AFFECTED PRODUCTS

vendor:	cisco	model:	ios	scope:	eq	version:	15.2\(5\)e	Trust: 1.6
vendor:	cisco	model:	ios	scope:	-	version:	-	Trust: 1.4
vendor:	cisco	model:	ios xe	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios xe software	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	ios 15.2 e	scope:	-	version:	-	Trust: 0.3

sources: CNVD: CNVD-2018-06774 // BID: 103538 // JVNDB: JVNDB-2018-003296 // CNNVD: CNNVD-201803-1022 // NVD: CVE-2018-0171

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-0171
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2018-0171
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2018-06774
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201803-1022
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-118373
value:	HIGH
Trust: 0.1
VULMON:	CVE-2018-0171
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2018-0171
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2018-06774
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-118373
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-0171
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2018-0171
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2018-06774 // VULHUB: VHN-118373 // VULMON: CVE-2018-0171 // JVNDB: JVNDB-2018-003296 // CNNVD: CNNVD-201803-1022 // NVD: CVE-2018-0171

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.9
problemtype:	CWE-787	Trust: 1.1
problemtype:	CWE-119	Trust: 0.9

sources: VULHUB: VHN-118373 // JVNDB: JVNDB-2018-003296 // NVD: CVE-2018-0171

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201803-1022

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201803-1022

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-003296

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-118373

PATCH

title:	cisco-sa-20180328-smi2	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi2	Trust: 0.8
title:	Patch for CiscoSmartInstall Remote Command Execution Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/124979	Trust: 0.6
title:	Cisco: Cisco IOS and IOS XE Software Smart Install Remote Code Execution Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20180328-smi2	Trust: 0.1
title:	Cisco: Action Required to Secure the Cisco IOS and IOS XE Smart Install Feature	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20180409-smi	Trust: 0.1
title:	mitigate-cve	url:	https://github.com/IPvSean/mitigate-cve	Trust: 0.1
title:	gocarts	url:	https://github.com/tomoyamachi/gocarts	Trust: 0.1
title:	Exp101tsArchiv30thers	url:	https://github.com/nu11secur1ty/Exp101tsArchiv30thers	Trust: 0.1
title:	awesome-cve-poc_qazbnm456	url:	https://github.com/xbl3/awesome-cve-poc_qazbnm456	Trust: 0.1
title:	BleepingComputer	url:	https://www.bleepingcomputer.com/news/security/cisco-asa-flaw-exploited-in-the-wild-after-publication-of-two-pocs/	Trust: 0.1
title:	BleepingComputer	url:	https://www.bleepingcomputer.com/news/security/iranian-and-russian-networks-attacked-using-ciscos-cve-2018-0171-vulnerability/	Trust: 0.1
title:	The Register	url:	https://www.theregister.co.uk/2018/03/29/cisco_critical_ios_bugs/	Trust: 0.1
title:	Threatpost	url:	https://threatpost.com/cisco-patches-two-critical-rce-bugs-in-ios-xe-software/130852/	Trust: 0.1

sources: CNVD: CNVD-2018-06774 // VULMON: CVE-2018-0171 // JVNDB: JVNDB-2018-003296

EXTERNAL IDS

db:	NVD	id:	CVE-2018-0171	Trust: 3.5
db:	BID	id:	103538	Trust: 2.7
db:	ICS CERT	id:	ICSA-18-107-05	Trust: 2.6
db:	ICS CERT	id:	ICSA-18-107-04	Trust: 2.6
db:	SECTRACK	id:	1040580	Trust: 1.8
db:	JVNDB	id:	JVNDB-2018-003296	Trust: 0.8
db:	CNNVD	id:	CNNVD-201803-1022	Trust: 0.7
db:	CNVD	id:	CNVD-2018-06774	Trust: 0.6
db:	EXPLOIT-DB	id:	44451	Trust: 0.1
db:	SEEBUG	id:	SSVID-97206	Trust: 0.1
db:	VULHUB	id:	VHN-118373	Trust: 0.1
db:	VULMON	id:	CVE-2018-0171	Trust: 0.1

sources: CNVD: CNVD-2018-06774 // VULHUB: VHN-118373 // VULMON: CVE-2018-0171 // BID: 103538 // JVNDB: JVNDB-2018-003296 // CNNVD: CNNVD-201803-1022 // NVD: CVE-2018-0171

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180328-smi2	Trust: 2.8
url:	https://ics-cert.us-cert.gov/advisories/icsa-18-107-04	Trust: 2.7
url:	https://ics-cert.us-cert.gov/advisories/icsa-18-107-05	Trust: 2.6
url:	http://www.securityfocus.com/bid/103538	Trust: 1.9
url:	https://www.darkreading.com/perimeter/attackers-exploit-cisco-switch-issue-as-vendor-warns-of-yet-another-critical-flaw/d/d-id/1331490	Trust: 1.8
url:	http://www.securitytracker.com/id/1040580	Trust: 1.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0171	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-0171	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/787.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/ipvsean/mitigate-cve	Trust: 0.1
url:	https://threatpost.com/cisco-patches-two-critical-rce-bugs-in-ios-xe-software/130852/	Trust: 0.1

sources: CNVD: CNVD-2018-06774 // VULHUB: VHN-118373 // VULMON: CVE-2018-0171 // BID: 103538 // JVNDB: JVNDB-2018-003296 // CNNVD: CNNVD-201803-1022 // NVD: CVE-2018-0171

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 103538

SOURCES

db:	CNVD	id:	CNVD-2018-06774
db:	VULHUB	id:	VHN-118373
db:	VULMON	id:	CVE-2018-0171
db:	BID	id:	103538
db:	JVNDB	id:	JVNDB-2018-003296
db:	CNNVD	id:	CNNVD-201803-1022
db:	NVD	id:	CVE-2018-0171

LAST UPDATE DATE

2024-08-14T13:28:53.549000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-06774	date:	2018-04-07T00:00:00
db:	VULHUB	id:	VHN-118373	date:	2020-09-04T00:00:00
db:	VULMON	id:	CVE-2018-0171	date:	2020-09-04T00:00:00
db:	BID	id:	103538	date:	2018-03-28T00:00:00
db:	JVNDB	id:	JVNDB-2018-003296	date:	2018-05-22T00:00:00
db:	CNNVD	id:	CNNVD-201803-1022	date:	2020-09-07T00:00:00
db:	NVD	id:	CVE-2018-0171	date:	2020-09-04T18:25:04.367

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2018-06774	date:	2018-03-30T00:00:00
db:	VULHUB	id:	VHN-118373	date:	2018-03-28T00:00:00
db:	VULMON	id:	CVE-2018-0171	date:	2018-03-28T00:00:00
db:	BID	id:	103538	date:	2018-03-28T00:00:00
db:	JVNDB	id:	JVNDB-2018-003296	date:	2018-05-22T00:00:00
db:	CNNVD	id:	CNNVD-201803-1022	date:	2018-03-29T00:00:00
db:	NVD	id:	CVE-2018-0171	date:	2018-03-28T22:29:01.063