ID

VAR-201803-1387


CVE

CVE-2018-0171


TITLE

Cisco IOS Software and Cisco IOS XE Software buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-003296

DESCRIPTION

A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition, or to execute arbitrary code on an affected device. The vulnerability is due to improper validation of packet data. An attacker could exploit this vulnerability by sending a crafted Smart Install message to an affected device on TCP port 4786. A successful exploit could allow the attacker to cause a buffer overflow on the affected device, which could have the following impacts: triggering a reload of the device; allowing the attacker to execute arbitrary code on the device; causing an indefinite loop on the affected device that triggers a watchdog crash. Cisco Bug IDs: CSCvg76186. Cisco IOS Software and Cisco IOS XE Software contain a buffer error vulnerability and an input validation vulnerability. The vendor has confirmed this vulnerability and released it as Bug ID CSCvg76186. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). As a plug-and-play configuration and image management function, Smart Install provides zero-configuration deployment for newly joined switches, automatic initial configuration and operating system image loading, and configuration file backup. Successfully exploiting this issue may allow remote attackers to execute arbitrary code. Failed attempts will likely result in denial-of-service conditions.

Trust: 2.61

sources: NVD: CVE-2018-0171 // JVNDB: JVNDB-2018-003296 // CNVD: CNVD-2018-06774 // BID: 103538 // VULHUB: VHN-118373 // VULMON: CVE-2018-0171

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-06774

AFFECTED PRODUCTS

vendor: cisco, model: ios, scope: eq, version: 15.2(5)e

Trust: 1.6

vendor: cisco, model: ios, scope: -, version: -

Trust: 1.4

vendor: cisco, model: ios xe, scope: -, version: -

Trust: 0.6

vendor: cisco, model: ios xe software, scope: eq, version: 0

Trust: 0.3

vendor: cisco, model: ios 15.2 e, scope: -, version: -

Trust: 0.3

sources: CNVD: CNVD-2018-06774 // BID: 103538 // JVNDB: JVNDB-2018-003296 // CNNVD: CNNVD-201803-1022 // NVD: CVE-2018-0171

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0171
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-0171
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2018-06774
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201803-1022
value: CRITICAL

Trust: 0.6

VULHUB: VHN-118373
value: HIGH

Trust: 0.1

VULMON: CVE-2018-0171
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-0171
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2018-06774
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-118373
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0171
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2018-0171
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2018-06774 // VULHUB: VHN-118373 // VULMON: CVE-2018-0171 // JVNDB: JVNDB-2018-003296 // CNNVD: CNNVD-201803-1022 // NVD: CVE-2018-0171

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

problemtype:CWE-787

Trust: 1.1

problemtype:CWE-119

Trust: 0.9

sources: VULHUB: VHN-118373 // JVNDB: JVNDB-2018-003296 // NVD: CVE-2018-0171

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201803-1022

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201803-1022

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-003296

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-118373

PATCH

title: cisco-sa-20180328-smi2
url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi2

Trust: 0.8

title: Patch for CiscoSmartInstall Remote Command Execution Vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/124979

Trust: 0.6

title: Cisco: Cisco IOS and IOS XE Software Smart Install Remote Code Execution Vulnerability
url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20180328-smi2

Trust: 0.1

title: Cisco: Action Required to Secure the Cisco IOS and IOS XE Smart Install Feature
url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20180409-smi

Trust: 0.1

title: mitigate-cve
url: https://github.com/IPvSean/mitigate-cve

Trust: 0.1

title: gocarts
url: https://github.com/tomoyamachi/gocarts

Trust: 0.1

title: Exp101tsArchiv30thers
url: https://github.com/nu11secur1ty/Exp101tsArchiv30thers

Trust: 0.1

title: awesome-cve-poc_qazbnm456
url: https://github.com/xbl3/awesome-cve-poc_qazbnm456

Trust: 0.1

title: BleepingComputer
url: https://www.bleepingcomputer.com/news/security/cisco-asa-flaw-exploited-in-the-wild-after-publication-of-two-pocs/

Trust: 0.1

title: BleepingComputer
url: https://www.bleepingcomputer.com/news/security/iranian-and-russian-networks-attacked-using-ciscos-cve-2018-0171-vulnerability/

Trust: 0.1

title: The Register
url: https://www.theregister.co.uk/2018/03/29/cisco_critical_ios_bugs/

Trust: 0.1

title: Threatpost
url: https://threatpost.com/cisco-patches-two-critical-rce-bugs-in-ios-xe-software/130852/

Trust: 0.1

sources: CNVD: CNVD-2018-06774 // VULMON: CVE-2018-0171 // JVNDB: JVNDB-2018-003296

EXTERNAL IDS

db: NVD, id: CVE-2018-0171

Trust: 3.5

db: BID, id: 103538

Trust: 2.7

db: ICS CERT, id: ICSA-18-107-05

Trust: 2.6

db: ICS CERT, id: ICSA-18-107-04

Trust: 2.6

db: SECTRACK, id: 1040580

Trust: 1.8

db: JVNDB, id: JVNDB-2018-003296

Trust: 0.8

db: CNNVD, id: CNNVD-201803-1022

Trust: 0.7

db: CNVD, id: CNVD-2018-06774

Trust: 0.6

db: EXPLOIT-DB, id: 44451

Trust: 0.1

db: SEEBUG, id: SSVID-97206

Trust: 0.1

db: VULHUB, id: VHN-118373

Trust: 0.1

db: VULMON, id: CVE-2018-0171

Trust: 0.1

sources: CNVD: CNVD-2018-06774 // VULHUB: VHN-118373 // VULMON: CVE-2018-0171 // BID: 103538 // JVNDB: JVNDB-2018-003296 // CNNVD: CNNVD-201803-1022 // NVD: CVE-2018-0171

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180328-smi2

Trust: 2.8

url:https://ics-cert.us-cert.gov/advisories/icsa-18-107-04

Trust: 2.7

url:https://ics-cert.us-cert.gov/advisories/icsa-18-107-05

Trust: 2.6

url:http://www.securityfocus.com/bid/103538

Trust: 1.9

url:https://www.darkreading.com/perimeter/attackers-exploit-cisco-switch-issue-as-vendor-warns-of-yet-another-critical-flaw/d/d-id/1331490

Trust: 1.8

url:http://www.securitytracker.com/id/1040580

Trust: 1.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0171

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-0171

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/787.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/ipvsean/mitigate-cve

Trust: 0.1

url:https://threatpost.com/cisco-patches-two-critical-rce-bugs-in-ios-xe-software/130852/

Trust: 0.1

sources: CNVD: CNVD-2018-06774 // VULHUB: VHN-118373 // VULMON: CVE-2018-0171 // BID: 103538 // JVNDB: JVNDB-2018-003296 // CNNVD: CNNVD-201803-1022 // NVD: CVE-2018-0171

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 103538

SOURCES

db: CNVD, id: CNVD-2018-06774
db: VULHUB, id: VHN-118373
db: VULMON, id: CVE-2018-0171
db: BID, id: 103538
db: JVNDB, id: JVNDB-2018-003296
db: CNNVD, id: CNNVD-201803-1022
db: NVD, id: CVE-2018-0171

LAST UPDATE DATE

2024-08-14T13:28:53.549000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2018-06774, date: 2018-04-07T00:00:00
db: VULHUB, id: VHN-118373, date: 2020-09-04T00:00:00
db: VULMON, id: CVE-2018-0171, date: 2020-09-04T00:00:00
db: BID, id: 103538, date: 2018-03-28T00:00:00
db: JVNDB, id: JVNDB-2018-003296, date: 2018-05-22T00:00:00
db: CNNVD, id: CNNVD-201803-1022, date: 2020-09-07T00:00:00
db: NVD, id: CVE-2018-0171, date: 2020-09-04T18:25:04.367

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2018-06774, date: 2018-03-30T00:00:00
db: VULHUB, id: VHN-118373, date: 2018-03-28T00:00:00
db: VULMON, id: CVE-2018-0171, date: 2018-03-28T00:00:00
db: BID, id: 103538, date: 2018-03-28T00:00:00
db: JVNDB, id: JVNDB-2018-003296, date: 2018-05-22T00:00:00
db: CNNVD, id: CNNVD-201803-1022, date: 2018-03-29T00:00:00
db: NVD, id: CVE-2018-0171, date: 2018-03-28T22:29:01.063