Sign-up

ID

VAR-201805-0495


CVE

CVE-2018-0252


TITLE

Cisco Wireless LAN Controller Software resource management vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-004900

DESCRIPTION

A vulnerability in the IP Version 4 (IPv4) fragment reassembly function of Cisco 3500, 5500, and 8500 Series Wireless LAN Controller Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to a corruption of an internal data structure process that occurs when the affected software reassembles certain IPv4 packets. An attacker could exploit this vulnerability by sending certain malformed IPv4 fragments to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. This vulnerability affects all releases of 8.4 until the first fixed release for the 5500 and 8500 Series Wireless LAN Controllers and releases 8.5.103.0 and 8.5.105.0 for the 3500, 5500, and 8500 Series Wireless LAN Controllers. Cisco Bug IDs: CSCvf89222. Vendors have confirmed this vulnerability Bug ID CSCvf89222 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state

Trust: 2.52

sources: NVD: CVE-2018-0252 // JVNDB: JVNDB-2018-004900 // CNVD: CNVD-2018-08991 // BID: 104267 // VULHUB: VHN-118454

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-08991

AFFECTED PRODUCTS

vendor:ciscomodel:wireless lan controller softwarescope:eqversion:8.4\(100.0\)

Trust: 1.6

vendor:ciscomodel:wireless lan controller softwarescope:eqversion:8.6\(1.108\)

Trust: 1.6

vendor:ciscomodel:wireless lan controller softwarescope:eqversion:8.5\(107.30\)

Trust: 1.6

vendor:ciscomodel:wireless lan controller softwarescope:eqversion:8.5\(107.41\)

Trust: 1.6

vendor:ciscomodel:wireless lan controller softwarescope: - version: -

Trust: 0.8

vendor:ciscomodel:series wireless lan controllerscope:eqversion:3500

Trust: 0.6

vendor:ciscomodel:series wireless lan controllerscope:eqversion:5500

Trust: 0.6

vendor:ciscomodel:series wireless lan controllerscope:eqversion:8500

Trust: 0.6

vendor:ciscomodel:wireless lan controllerscope:eqversion:85008.5.105.0

Trust: 0.3

vendor:ciscomodel:wireless lan controllerscope:eqversion:85008.5.103.0

Trust: 0.3

vendor:ciscomodel:wireless lan controllerscope:eqversion:85008.4

Trust: 0.3

vendor:ciscomodel:wireless lan controllerscope:eqversion:55008.5.105.0

Trust: 0.3

vendor:ciscomodel:wireless lan controllerscope:eqversion:55008.5.103.0

Trust: 0.3

vendor:ciscomodel:wireless lan controllerscope:eqversion:55008.4

Trust: 0.3

vendor:ciscomodel:wireless lan controllerscope:eqversion:35008.5.105.0

Trust: 0.3

vendor:ciscomodel:wireless lan controllerscope:eqversion:35008.5.103.0

Trust: 0.3

vendor:ciscomodel:wireless lan controllerscope:neversion:85008.5.120.0

Trust: 0.3

vendor:ciscomodel:wireless lan controllerscope:neversion:85008.5.110.0

Trust: 0.3

vendor:ciscomodel:wireless lan controllerscope:neversion:55008.5.120.0

Trust: 0.3

vendor:ciscomodel:wireless lan controllerscope:neversion:55008.5.110.0

Trust: 0.3

vendor:ciscomodel:wireless lan controllerscope:neversion:35008.5.120.0

Trust: 0.3

vendor:ciscomodel:wireless lan controllerscope:neversion:35008.5.110.0

Trust: 0.3

sources: CNVD: CNVD-2018-08991 // BID: 104267 // JVNDB: JVNDB-2018-004900 // CNNVD: CNNVD-201805-084 // NVD: CVE-2018-0252

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0252
value: HIGH

Trust: 1.0

NVD: CVE-2018-0252
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-08991
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201805-084
value: HIGH

Trust: 0.6

VULHUB: VHN-118454
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-0252
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-08991
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-118454
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0252
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.0
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-08991 // VULHUB: VHN-118454 // JVNDB: JVNDB-2018-004900 // CNNVD: CNNVD-201805-084 // NVD: CVE-2018-0252

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.9

problemtype:CWE-119

Trust: 1.1

sources: VULHUB: VHN-118454 // JVNDB: JVNDB-2018-004900 // NVD: CVE-2018-0252

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201805-084

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201805-084

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-004900

PATCH
title:cisco-sa-20180502-wlc-ipurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-wlc-ip
Trust: 0.8
title:Cisco Wireless LAN Controller has a denial of service vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/128203
Trust: 0.6
title:Cisco 3500 , 5500  and 8500 Series Wireless LAN Controller Software Remediation of resource management error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79820
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-08991 // 
            
            
            
            JVNDB: JVNDB-2018-004900 // 
            
            
            
            CNNVD: CNNVD-201805-084

EXTERNAL IDS
db:NVDid:CVE-2018-0252
Trust: 3.4
db:SECTRACKid:1040822
Trust: 2.3
db:JVNDBid:JVNDB-2018-004900
Trust: 0.8
db:CNNVDid:CNNVD-201805-084
Trust: 0.7
db:CNVDid:CNVD-2018-08991
Trust: 0.6
db:BIDid:104267
Trust: 0.4
db:VULHUBid:VHN-118454
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-08991 // 
            
            
            
            VULHUB: VHN-118454 // 
            
            
            
            BID: 104267 // 
            
            
            
            JVNDB: JVNDB-2018-004900 // 
            
            
            
            CNNVD: CNNVD-201805-084 // 
            
            
            
            NVD: CVE-2018-0252

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180502-wlc-ip
Trust: 2.0
url:http://www.securitytracker.com/id/1040822
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0252
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0252
Trust: 0.8
url:https://securitytracker.com/id/1040822
Trust: 0.6
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2018-08991 // 
            
            
            
            VULHUB: VHN-118454 // 
            
            
            
            BID: 104267 // 
            
            
            
            JVNDB: JVNDB-2018-004900 // 
            
            
            
            CNNVD: CNNVD-201805-084 // 
            
            
            
            NVD: CVE-2018-0252

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 104267

SOURCES
db:CNVDid:CNVD-2018-08991
db:VULHUBid:VHN-118454
db:BIDid:104267
db:JVNDBid:JVNDB-2018-004900
db:CNNVDid:CNNVD-201805-084
db:NVDid:CVE-2018-0252

LAST UPDATE DATE
2024-11-23T23:05:07.091000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-08991date:2018-05-07T00:00:00
db:VULHUBid:VHN-118454date:2019-10-09T00:00:00
db:BIDid:104267date:2018-05-02T00:00:00
db:JVNDBid:JVNDB-2018-004900date:2018-06-29T00:00:00
db:CNNVDid:CNNVD-201805-084date:2019-10-17T00:00:00
db:NVDid:CVE-2018-0252date:2024-11-21T03:37:49.220

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-08991date:2018-05-07T00:00:00
db:VULHUBid:VHN-118454date:2018-05-02T00:00:00
db:BIDid:104267date:2018-05-02T00:00:00
db:JVNDBid:JVNDB-2018-004900date:2018-06-29T00:00:00
db:CNNVDid:CNNVD-201805-084date:2018-05-02T00:00:00
db:NVDid:CVE-2018-0252date:2018-05-02T22:29:00.683