Sign-up

ID

VAR-201803-1388


CVE

CVE-2018-0172


TITLE

Cisco IOS Software and Cisco IOS XE Software input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-003506

DESCRIPTION

A vulnerability in the DHCP option 82 encapsulation functionality of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software performs incomplete input validation of option 82 information that it receives in DHCP Version 4 (DHCPv4) packets from DHCP relay agents. An attacker could exploit this vulnerability by sending a crafted DHCPv4 packet to an affected device. A successful exploit could allow the attacker to cause a heap overflow condition on the affected device, which will cause the device to reload and result in a DoS condition. Cisco Bug IDs: CSCvg62730. Vendors have confirmed this vulnerability Bug ID CSCvg62730 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. The vulnerability is caused by the fact that the program does not perform complete input verification on option 82 information

Trust: 2.07

sources: NVD: CVE-2018-0172 // JVNDB: JVNDB-2018-003506 // BID: 103552 // VULHUB: VHN-118374 // VULMON: CVE-2018-0172

AFFECTED PRODUCTS

vendor:ciscomodel:iosscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:ios xescope:eqversion: -

Trust: 1.6

vendor:ciscomodel:iosscope: - version: -

Trust: 0.8

vendor:ciscomodel:ios xescope: - version: -

Trust: 0.8

vendor:ciscomodel:ios xe softwarescope:eqversion:0

Trust: 0.3

vendor:ciscomodel:iosscope:eqversion:0

Trust: 0.3

sources: BID: 103552 // JVNDB: JVNDB-2018-003506 // CNNVD: CNNVD-201803-1021 // NVD: CVE-2018-0172

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0172
value: HIGH

Trust: 1.0

NVD: CVE-2018-0172
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201803-1021
value: HIGH

Trust: 0.6

VULHUB: VHN-118374
value: HIGH

Trust: 0.1

VULMON: CVE-2018-0172
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-0172
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-118374
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0172
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.0
version: 3.1

Trust: 1.0

NVD: CVE-2018-0172
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-118374 // VULMON: CVE-2018-0172 // JVNDB: JVNDB-2018-003506 // CNNVD: CNNVD-201803-1021 // NVD: CVE-2018-0172

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

problemtype:CWE-787

Trust: 1.1

problemtype:CWE-119

Trust: 0.1

sources: VULHUB: VHN-118374 // JVNDB: JVNDB-2018-003506 // NVD: CVE-2018-0172

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201803-1021

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201803-1021

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-003506

PATCH
title:cisco-sa-20180328-dhcpr1url:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-dhcpr1
Trust: 0.8
title:Cisco: Cisco IOS and IOS XE Software DHCP Version 4 Relay Heap Overflow Denial of Service Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20180328-dhcpr1
Trust: 0.1
title:Known Exploited Vulnerabilities Detectorurl:https://github.com/Ostorlab/KEV 
Trust: 0.1
sources:
            
            
            VULMON: CVE-2018-0172 // 
            
            
            
            JVNDB: JVNDB-2018-003506

EXTERNAL IDS
db:NVDid:CVE-2018-0172
Trust: 2.9
db:ICS CERTid:ICSA-18-107-04
Trust: 2.6
db:ICS CERTid:ICSA-18-107-05
Trust: 2.6
db:BIDid:103552
Trust: 2.1
db:SECTRACKid:1040591
Trust: 1.8
db:TENABLEid:TRA-2018-06
Trust: 1.8
db:JVNDBid:JVNDB-2018-003506
Trust: 0.8
db:CNNVDid:CNNVD-201803-1021
Trust: 0.7
db:VULHUBid:VHN-118374
Trust: 0.1
db:VULMONid:CVE-2018-0172
Trust: 0.1
sources:
            
            
            VULHUB: VHN-118374 // 
            
            
            
            VULMON: CVE-2018-0172 // 
            
            
            
            BID: 103552 // 
            
            
            
            JVNDB: JVNDB-2018-003506 // 
            
            
            
            CNNVD: CNNVD-201803-1021 // 
            
            
            
            NVD: CVE-2018-0172

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-18-107-05
Trust: 2.7
url:https://ics-cert.us-cert.gov/advisories/icsa-18-107-04
Trust: 2.6
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180328-dhcpr1
Trust: 2.2
url:http://www.securityfocus.com/bid/103552
Trust: 1.9
url:https://www.tenable.com/security/research/tra-2018-06
Trust: 1.8
url:http://www.securitytracker.com/id/1040591
Trust: 1.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0172
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0172
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/787.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://github.com/ostorlab/kev
Trust: 0.1
sources:
            
            
            VULHUB: VHN-118374 // 
            
            
            
            VULMON: CVE-2018-0172 // 
            
            
            
            BID: 103552 // 
            
            
            
            JVNDB: JVNDB-2018-003506 // 
            
            
            
            CNNVD: CNNVD-201803-1021 // 
            
            
            
            NVD: CVE-2018-0172

CREDITS
Tenable
Trust: 0.3
sources:
            
            
            BID: 103552

SOURCES
db:VULHUBid:VHN-118374
db:VULMONid:CVE-2018-0172
db:BIDid:103552
db:JVNDBid:JVNDB-2018-003506
db:CNNVDid:CNNVD-201803-1021
db:NVDid:CVE-2018-0172

LAST UPDATE DATE
2024-11-23T21:39:32.732000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-118374date:2020-09-04T00:00:00
db:VULMONid:CVE-2018-0172date:2020-09-04T00:00:00
db:BIDid:103552date:2018-03-28T00:00:00
db:JVNDBid:JVNDB-2018-003506date:2018-05-25T00:00:00
db:CNNVDid:CNNVD-201803-1021date:2020-09-07T00:00:00
db:NVDid:CVE-2018-0172date:2024-11-21T03:37:39.413

SOURCES RELEASE DATE
db:VULHUBid:VHN-118374date:2018-03-28T00:00:00
db:VULMONid:CVE-2018-0172date:2018-03-28T00:00:00
db:BIDid:103552date:2018-03-28T00:00:00
db:JVNDBid:JVNDB-2018-003506date:2018-05-25T00:00:00
db:CNNVDid:CNNVD-201803-1021date:2018-03-29T00:00:00
db:NVDid:CVE-2018-0172date:2018-03-28T22:29:01.110