Details of VAR-201804-1003

ID

VAR-201804-1003

CVE

CVE-2018-0257

TITLE

Cisco cBR Series Converged Broadband Routers IOS XE Resource Management Error Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2018-11148 // CNNVD: CNNVD-201804-1093

DESCRIPTION

A vulnerability in Cisco IOS XE Software running on Cisco cBR Series Converged Broadband Routers could allow an unauthenticated, adjacent attacker to cause high CPU usage on an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to the incorrect handling of certain DHCP packets. An attacker could exploit this vulnerability by sending certain DHCP packets to a specific segment of an affected device. A successful exploit could allow the attacker to increase CPU usage on the affected device and cause a DoS condition. Cisco Bug IDs: CSCvg73687. Cisco IOS XE The software contains a resource management vulnerability. Vendors have confirmed this vulnerability Bug ID CSCvg73687 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. CiscocBRSeriesConvergedBroadbandRouters is a cBR series router device from Cisco. IOSXE is one of the operating systems dedicated to Cisco network devices. A resource management error vulnerability exists in IOSXE on CiscocBRSeriesConvergedBroadbandRouters that caused the program to fail to properly handle DHCP packets

Trust: 2.52

sources: NVD: CVE-2018-0257 // JVNDB: JVNDB-2018-004412 // CNVD: CNVD-2018-11148 // BID: 103948 // VULHUB: VHN-118459

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2018-11148

AFFECTED PRODUCTS

vendor:	cisco	model:	ios xe	scope:	eq	version:	16.4	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.5	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	15.6\(2\)sp	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	lte	version:	16.6.3	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	gt	version:	16.7	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	lte	version:	16.7.2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	lte	version:	3.18.4	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	gte	version:	3.18	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	gte	version:	16.6	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	cbr series converged broadband routers	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.18.0as	Trust: 0.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.18.0s	Trust: 0.6
vendor:	cisco	model:	ios xe software	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	cbr series converged broadband routers	scope:	eq	version:	0	Trust: 0.3

sources: CNVD: CNVD-2018-11148 // BID: 103948 // JVNDB: JVNDB-2018-004412 // CNNVD: CNNVD-201804-1093 // NVD: CVE-2018-0257

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-0257
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-0257
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2018-11148
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-201804-1093
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-118459
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2018-0257
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2018-11148
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-118459
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-0257
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	2.8
impactScore:	1.4
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2018-11148 // VULHUB: VHN-118459 // JVNDB: JVNDB-2018-004412 // CNNVD: CNNVD-201804-1093 // NVD: CVE-2018-0257

PROBLEMTYPE DATA

problemtype:	CWE-399	Trust: 1.9
problemtype:	NVD-CWE-noinfo	Trust: 1.0

sources: VULHUB: VHN-118459 // JVNDB: JVNDB-2018-004412 // NVD: CVE-2018-0257

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201804-1093

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201804-1093

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-004412

PATCH

title:	cisco-sa-20180418-cbr8	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-cbr8	Trust: 0.8
title:	Patch for CiscocBRSeriesConvergedBroadbandRoutersIOSXE Resource Management Error Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/131555	Trust: 0.6
title:	Cisco cBR Series Converged Broadband Routers IOS XE Remediation of resource management error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=81388	Trust: 0.6

sources: CNVD: CNVD-2018-11148 // JVNDB: JVNDB-2018-004412 // CNNVD: CNNVD-201804-1093

EXTERNAL IDS

db:	NVD	id:	CVE-2018-0257	Trust: 3.4
db:	BID	id:	103948	Trust: 2.0
db:	SECTRACK	id:	1040716	Trust: 1.7
db:	JVNDB	id:	JVNDB-2018-004412	Trust: 0.8
db:	CNNVD	id:	CNNVD-201804-1093	Trust: 0.7
db:	BID	id:	103937	Trust: 0.6
db:	CNVD	id:	CNVD-2018-11148	Trust: 0.6
db:	VULHUB	id:	VHN-118459	Trust: 0.1

sources: CNVD: CNVD-2018-11148 // VULHUB: VHN-118459 // BID: 103948 // JVNDB: JVNDB-2018-004412 // CNNVD: CNNVD-201804-1093 // NVD: CVE-2018-0257

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180418-cbr8	Trust: 2.6
url:	http://www.securityfocus.com/bid/103948	Trust: 1.7
url:	http://www.securitytracker.com/id/1040716	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0257	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-0257	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: CNVD: CNVD-2018-11148 // VULHUB: VHN-118459 // BID: 103948 // JVNDB: JVNDB-2018-004412 // CNNVD: CNNVD-201804-1093 // NVD: CVE-2018-0257

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 103948

SOURCES

db:	CNVD	id:	CNVD-2018-11148
db:	VULHUB	id:	VHN-118459
db:	BID	id:	103948
db:	JVNDB	id:	JVNDB-2018-004412
db:	CNNVD	id:	CNNVD-201804-1093
db:	NVD	id:	CVE-2018-0257

LAST UPDATE DATE

2024-11-23T22:17:35.541000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-11148	date:	2018-06-08T00:00:00
db:	VULHUB	id:	VHN-118459	date:	2019-10-09T00:00:00
db:	BID	id:	103948	date:	2018-04-18T00:00:00
db:	JVNDB	id:	JVNDB-2018-004412	date:	2018-06-19T00:00:00
db:	CNNVD	id:	CNNVD-201804-1093	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2018-0257	date:	2024-11-21T03:37:49.840

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2018-11148	date:	2018-05-08T00:00:00
db:	VULHUB	id:	VHN-118459	date:	2018-04-19T00:00:00
db:	BID	id:	103948	date:	2018-04-18T00:00:00
db:	JVNDB	id:	JVNDB-2018-004412	date:	2018-06-19T00:00:00
db:	CNNVD	id:	CNNVD-201804-1093	date:	2018-04-19T00:00:00
db:	NVD	id:	CVE-2018-0257	date:	2018-04-19T20:29:01.317