Details of VAR-201803-1393

ID

VAR-201803-1393

CVE

CVE-2018-0177

TITLE

Cisco IOS XE Data processing vulnerability in software

Trust: 0.8

sources: JVNDB: JVNDB-2018-003510

DESCRIPTION

A vulnerability in the IP Version 4 (IPv4) processing code of Cisco IOS XE Software running on Cisco Catalyst 3850 and Cisco Catalyst 3650 Series Switches could allow an unauthenticated, remote attacker to cause high CPU utilization, traceback messages, or a reload of an affected device that leads to a denial of service (DoS) condition. The vulnerability is due to incorrect processing of certain IPv4 packets. An attacker could exploit this vulnerability by sending specific IPv4 packets to an IPv4 address on an affected device. A successful exploit could allow the attacker to cause high CPU utilization, traceback messages, or a reload of the affected device that leads to a DoS condition. If the switch does not reboot when under attack, it would require manual intervention to reload the device. This vulnerability affects Cisco Catalyst 3850 and Cisco Catalyst 3650 Series Switches that are running Cisco IOS XE Software Release 16.1.1 or later, until the first fixed release, and are configured with an IPv4 address. Cisco Bug IDs: CSCvd80714. Cisco IOS XE The software contains data processing vulnerabilities and resource management vulnerabilities. Vendors have confirmed this vulnerability Cisco Bug ID : CSCvd80714 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. IOSXESoftware is a set of Cisco device-specific operating systems running on it

Trust: 2.52

sources: NVD: CVE-2018-0177 // JVNDB: JVNDB-2018-003510 // CNVD: CNVD-2018-07763 // BID: 103563 // VULHUB: VHN-118379

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2018-07763

AFFECTED PRODUCTS

vendor:	cisco	model:	ios xe	scope:	eq	version:	denali-16.3.1	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	denali-16.3.3	Trust: 1.6
vendor:	cisco	model:	catalyst series switches	scope:	eq	version:	36500	Trust: 0.9
vendor:	cisco	model:	ios xe	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	catalyst series	scope:	eq	version:	3850	Trust: 0.6
vendor:	cisco	model:	ios xe software	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	catalyst series switches	scope:	eq	version:	38500	Trust: 0.3

sources: CNVD: CNVD-2018-07763 // BID: 103563 // JVNDB: JVNDB-2018-003510 // CNNVD: CNNVD-201803-1016 // NVD: CVE-2018-0177

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-0177
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-0177
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2018-07763
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201803-1016
value:	HIGH
Trust: 0.6
VULHUB:	VHN-118379
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2018-0177
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2018-07763
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-118379
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-0177
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2018-0177
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2018-07763 // VULHUB: VHN-118379 // JVNDB: JVNDB-2018-003510 // CNNVD: CNNVD-201803-1016 // NVD: CVE-2018-0177

PROBLEMTYPE DATA

problemtype:	CWE-19	Trust: 1.9
problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-399	Trust: 0.9

sources: VULHUB: VHN-118379 // JVNDB: JVNDB-2018-003510 // NVD: CVE-2018-0177

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201803-1016

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201803-1016

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-003510

PATCH

title:	cisco-sa-20180328-ipv4	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-ipv4	Trust: 0.8
title:	Patch for Cisco Catalyst 3850 and Catalyst 3650 Series Switches IOSXESoftware Denial of Service Vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/125883	Trust: 0.6
title:	Cisco Catalyst 3850 and Catalyst 3650 Series Switches IOS XE Software Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79484	Trust: 0.6

sources: CNVD: CNVD-2018-07763 // JVNDB: JVNDB-2018-003510 // CNNVD: CNNVD-201803-1016

EXTERNAL IDS

db:	NVD	id:	CVE-2018-0177	Trust: 3.4
db:	BID	id:	103563	Trust: 2.6
db:	SECTRACK	id:	1040588	Trust: 1.7
db:	JVNDB	id:	JVNDB-2018-003510	Trust: 0.8
db:	CNNVD	id:	CNNVD-201803-1016	Trust: 0.7
db:	CNVD	id:	CNVD-2018-07763	Trust: 0.6
db:	VULHUB	id:	VHN-118379	Trust: 0.1

sources: CNVD: CNVD-2018-07763 // VULHUB: VHN-118379 // BID: 103563 // JVNDB: JVNDB-2018-003510 // CNNVD: CNNVD-201803-1016 // NVD: CVE-2018-0177

REFERENCES

url:	http://www.securityfocus.com/bid/103563	Trust: 2.3
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180328-ipv4	Trust: 2.0
url:	http://www.securitytracker.com/id/1040588	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0177	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-0177	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3
url:	http://www.cisco.com/c/en/us/products/ios-nx-os-software/ios-xe/index.html	Trust: 0.3

sources: CNVD: CNVD-2018-07763 // VULHUB: VHN-118379 // BID: 103563 // JVNDB: JVNDB-2018-003510 // CNNVD: CNNVD-201803-1016 // NVD: CVE-2018-0177

CREDITS

Cisco

Trust: 0.3

sources: BID: 103563

SOURCES

db:	CNVD	id:	CNVD-2018-07763
db:	VULHUB	id:	VHN-118379
db:	BID	id:	103563
db:	JVNDB	id:	JVNDB-2018-003510
db:	CNNVD	id:	CNNVD-201803-1016
db:	NVD	id:	CVE-2018-0177

LAST UPDATE DATE

2024-11-23T22:41:53.964000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-07763	date:	2018-04-17T00:00:00
db:	VULHUB	id:	VHN-118379	date:	2019-10-09T00:00:00
db:	BID	id:	103563	date:	2018-03-28T00:00:00
db:	JVNDB	id:	JVNDB-2018-003510	date:	2018-05-25T00:00:00
db:	CNNVD	id:	CNNVD-201803-1016	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2018-0177	date:	2024-11-21T03:37:40.253

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2018-07763	date:	2018-04-17T00:00:00
db:	VULHUB	id:	VHN-118379	date:	2018-03-28T00:00:00
db:	BID	id:	103563	date:	2018-03-28T00:00:00
db:	JVNDB	id:	JVNDB-2018-003510	date:	2018-05-25T00:00:00
db:	CNNVD	id:	CNNVD-201803-1016	date:	2018-03-29T00:00:00
db:	NVD	id:	CVE-2018-0177	date:	2018-03-28T22:29:01.407