ID

VAR-201804-0995


CVE

CVE-2018-0241


TITLE

Cisco IOS XR Software resource management vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-004426

DESCRIPTION

A vulnerability in the UDP broadcast forwarding function of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on the affected device. The vulnerability is due to improper handling of UDP broadcast packets that are forwarded to an IPv4 helper address. An attacker could exploit this vulnerability by sending multiple UDP broadcast packets to the affected device. An exploit could allow the attacker to cause a buffer leak on the affected device, eventually resulting in a DoS condition requiring manual intervention to recover. This vulnerability affects all Cisco IOS XR platforms running 6.3.1, 6.2.3, or earlier releases of Cisco IOS XR Software when at least one IPv4 helper address is configured on an interface of the device. Cisco Bug IDs: CSCvi35625. The vendor has confirmed this vulnerability and released it as Bug ID CSCvi35625. A service operation interruption (DoS) condition may result. Attackers can exploit this issue to cause denial-of-service conditions.

Trust: 1.98

sources: NVD: CVE-2018-0241 // JVNDB: JVNDB-2018-004426 // BID: 103929 // VULHUB: VHN-118443

AFFECTED PRODUCTS

vendor: cisco, model: ios xr, scope: eq, version: 6.1.4.base

Trust: 1.6

vendor: cisco, model: ios xr, scope: eq, version: 5.4.3.ce

Trust: 1.6

vendor: cisco, model: ios xr, scope: eq, version: 4.4.3.ce

Trust: 1.6

vendor: cisco, model: ios xr, scope: eq, version: 6.2.3.base

Trust: 1.6

vendor: cisco, model: ios xr, scope: eq, version: 5.1.4.base

Trust: 1.6

vendor: cisco, model: ios xr, scope: eq, version: 5.0.3.ce

Trust: 1.6

vendor: cisco, model: ios xr, scope: eq, version: 5.3.4.base

Trust: 1.6

vendor: cisco, model: ios xr, scope: eq, version: 4.3.4.base

Trust: 1.6

vendor: cisco, model: ios xr, scope: eq, version: 6.0.4.base

Trust: 1.6

vendor: cisco, model: ios xr, scope: eq, version: 5.2.5.ce

Trust: 1.6

vendor: cisco, model: ios xr, scope: eq, version: 4.1.3.base

Trust: 1.0

vendor: cisco, model: ios xr, scope: eq, version: 4.0.4.base

Trust: 1.0

vendor: cisco, model: ios xr, scope: eq, version: 4.2.4.base

Trust: 1.0

vendor: cisco, model: ios xr, scope: -, version: -

Trust: 0.8

vendor: cisco, model: ios xr software, scope: eq, version: 6.3.1

Trust: 0.3

vendor: cisco, model: ios xr software, scope: eq, version: 6.2.3

Trust: 0.3

vendor: cisco, model: ios xr software, scope: eq, version: 6.1.4

Trust: 0.3

vendor: cisco, model: ios xr software, scope: eq, version: 5.3.4

Trust: 0.3

vendor: cisco, model: asr router, scope: eq, version: 99220

Trust: 0.3

vendor: cisco, model: asr router, scope: eq, version: 99120

Trust: 0.3

vendor: cisco, model: asr router, scope: eq, version: 99040

Trust: 0.3

vendor: cisco, model: asr router, scope: eq, version: 90100

Trust: 0.3

vendor: cisco, model: asr router, scope: eq, version: 90060

Trust: 0.3

vendor: cisco, model: asr router, scope: eq, version: 90010

Trust: 0.3

vendor: cisco, model: ios xr software, scope: ne, version: 6.3.2

Trust: 0.3

sources: BID: 103929 // JVNDB: JVNDB-2018-004426 // CNNVD: CNNVD-201804-1101 // NVD: CVE-2018-0241

CVSS

SEVERITY

nvd@nist.gov: CVE-2018-0241
value: HIGH

Trust: 1.0

NVD: CVE-2018-0241
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201804-1101
value: HIGH

Trust: 0.6

VULHUB: VHN-118443
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2018-0241
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-118443
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2018-0241
baseSeverity: HIGH
baseScore: 7.4
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 4.0
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-118443 // JVNDB: JVNDB-2018-004426 // CNNVD: CNNVD-201804-1101 // NVD: CVE-2018-0241

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.9

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: VULHUB: VHN-118443 // JVNDB: JVNDB-2018-004426 // NVD: CVE-2018-0241

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201804-1101

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201804-1101

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-004426

PATCH

title: cisco-sa-20180418-iosxr, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-iosxr

Trust: 0.8

title: Cisco IOS XR Software Remediation of resource management error vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=81396

Trust: 0.6

sources: JVNDB: JVNDB-2018-004426 // CNNVD: CNNVD-201804-1101

EXTERNAL IDS

db: NVD, id: CVE-2018-0241

Trust: 2.8

db: BID, id: 103929

Trust: 2.0

db: SECTRACK, id: 1040710

Trust: 1.7

db: JVNDB, id: JVNDB-2018-004426

Trust: 0.8

db: CNNVD, id: CNNVD-201804-1101

Trust: 0.6

db: VULHUB, id: VHN-118443

Trust: 0.1

sources: VULHUB: VHN-118443 // BID: 103929 // JVNDB: JVNDB-2018-004426 // CNNVD: CNNVD-201804-1101 // NVD: CVE-2018-0241

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180418-iosxr

Trust: 2.0

url:http://www.securityfocus.com/bid/103929

Trust: 1.7

url:http://www.securitytracker.com/id/1040710

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0241

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-0241

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-118443 // BID: 103929 // JVNDB: JVNDB-2018-004426 // CNNVD: CNNVD-201804-1101 // NVD: CVE-2018-0241

CREDITS

Cisco

Trust: 0.3

sources: BID: 103929

SOURCES

db: VULHUB, id: VHN-118443
db: BID, id: 103929
db: JVNDB, id: JVNDB-2018-004426
db: CNNVD, id: CNNVD-201804-1101
db: NVD, id: CVE-2018-0241

LAST UPDATE DATE

2024-11-23T22:12:37+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-118443, date: 2019-10-09T00:00:00
db: BID, id: 103929, date: 2018-04-18T00:00:00
db: JVNDB, id: JVNDB-2018-004426, date: 2018-06-20T00:00:00
db: CNNVD, id: CNNVD-201804-1101, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2018-0241, date: 2024-11-21T03:37:47.947

SOURCES RELEASE DATE

db: VULHUB, id: VHN-118443, date: 2018-04-19T00:00:00
db: BID, id: 103929, date: 2018-04-18T00:00:00
db: JVNDB, id: JVNDB-2018-004426, date: 2018-06-20T00:00:00
db: CNNVD, id: CNNVD-201804-1101, date: 2018-04-19T00:00:00
db: NVD, id: CVE-2018-0241, date: 2018-04-19T20:29:00.877