Sign-up

ID

VAR-201804-1002


CVE

CVE-2018-0256


TITLE

Cisco Packet Data Network Gateway Input Validation Vulnerability

Trust: 2.0

sources: CNVD: CNVD-2018-09393 // JVNDB: JVNDB-2018-004411 // CNNVD: CNNVD-201804-1094

DESCRIPTION

A vulnerability in the peer-to-peer message processing functionality of Cisco Packet Data Network Gateway could allow an unauthenticated, remote attacker to cause the Session Manager (SESSMGR) process on an affected device to restart, resulting in a denial of service (DoS) condition. The vulnerability is due to incorrect validation of peer-to-peer packet headers. An attacker could exploit this vulnerability by sending a crafted peer-to-peer packet through an affected device. A successful exploit could allow the attacker to cause the SESSMGR process on the affected device to restart unexpectedly, which could briefly impact traffic while the SESSMGR process restarts and result in a DoS condition. Cisco Bug IDs: CSCvg88786. Vendors have confirmed this vulnerability Bug ID CSCvg88786 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state

Trust: 2.52

sources: NVD: CVE-2018-0256 // JVNDB: JVNDB-2018-004411 // CNVD: CNVD-2018-09393 // BID: 103951 // VULHUB: VHN-118458

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-09393

AFFECTED PRODUCTS

vendor:ciscomodel:asr 5000 series softwarescope:eqversion:p2p_2.16.879

Trust: 1.6

vendor:ciscomodel:asr 5000 series softwarescope:eqversion:20.3.0.66671

Trust: 1.6

vendor:ciscomodel:asr 5000 series softwarescope: - version: -

Trust: 0.8

vendor:ciscomodel:packet data network gatewayscope: - version: -

Trust: 0.6

vendor:ciscomodel:packet data network gatewayscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:asr series p2p 2.16.879scope:eqversion:5000

Trust: 0.3

vendor:ciscomodel:asr seriesscope:eqversion:500020.3.0.66671

Trust: 0.3

sources: CNVD: CNVD-2018-09393 // BID: 103951 // JVNDB: JVNDB-2018-004411 // CNNVD: CNNVD-201804-1094 // NVD: CVE-2018-0256

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0256
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-0256
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2018-09393
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201804-1094
value: MEDIUM

Trust: 0.6

VULHUB: VHN-118458
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-0256
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-09393
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-118458
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0256
baseSeverity: MEDIUM
baseScore: 5.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-09393 // VULHUB: VHN-118458 // JVNDB: JVNDB-2018-004411 // CNNVD: CNNVD-201804-1094 // NVD: CVE-2018-0256

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-118458 // JVNDB: JVNDB-2018-004411 // NVD: CVE-2018-0256

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201804-1094

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201804-1094

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-004411

PATCH
title:cisco-sa-20180418-pdngurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-pdng
Trust: 0.8
title:CiscoPacketDataNetworkGateway enters patches for verification vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/128727
Trust: 0.6
title:Cisco Packet Data Network Gateway Enter the fix for the verification vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=81389
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-09393 // 
            
            
            
            JVNDB: JVNDB-2018-004411 // 
            
            
            
            CNNVD: CNNVD-201804-1094

EXTERNAL IDS
db:NVDid:CVE-2018-0256
Trust: 3.4
db:BIDid:103951
Trust: 2.6
db:JVNDBid:JVNDB-2018-004411
Trust: 0.8
db:CNVDid:CNVD-2018-09393
Trust: 0.6
db:CNNVDid:CNNVD-201804-1094
Trust: 0.6
db:VULHUBid:VHN-118458
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-09393 // 
            
            
            
            VULHUB: VHN-118458 // 
            
            
            
            BID: 103951 // 
            
            
            
            JVNDB: JVNDB-2018-004411 // 
            
            
            
            CNNVD: CNNVD-201804-1094 // 
            
            
            
            NVD: CVE-2018-0256

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180418-pdng
Trust: 2.6
url:http://www.securityfocus.com/bid/103951
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0256
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0256
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2018-09393 // 
            
            
            
            VULHUB: VHN-118458 // 
            
            
            
            BID: 103951 // 
            
            
            
            JVNDB: JVNDB-2018-004411 // 
            
            
            
            CNNVD: CNNVD-201804-1094 // 
            
            
            
            NVD: CVE-2018-0256

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 103951

SOURCES
db:CNVDid:CNVD-2018-09393
db:VULHUBid:VHN-118458
db:BIDid:103951
db:JVNDBid:JVNDB-2018-004411
db:CNNVDid:CNNVD-201804-1094
db:NVDid:CVE-2018-0256

LAST UPDATE DATE
2024-11-23T23:12:12.514000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-09393date:2018-05-14T00:00:00
db:VULHUBid:VHN-118458date:2019-10-09T00:00:00
db:BIDid:103951date:2018-04-18T00:00:00
db:JVNDBid:JVNDB-2018-004411date:2018-06-19T00:00:00
db:CNNVDid:CNNVD-201804-1094date:2019-10-17T00:00:00
db:NVDid:CVE-2018-0256date:2024-11-21T03:37:49.710

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-09393date:2018-05-14T00:00:00
db:VULHUBid:VHN-118458date:2018-04-19T00:00:00
db:BIDid:103951date:2018-04-18T00:00:00
db:JVNDBid:JVNDB-2018-004411date:2018-06-19T00:00:00
db:CNNVDid:CNNVD-201804-1094date:2018-04-19T00:00:00
db:NVDid:CVE-2018-0256date:2018-04-19T20:29:01.253