Details of VAR-201805-0521

ID

VAR-201805-0521

CVE

CVE-2018-0286

TITLE

Cisco IOS XR Software resource management vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-004602

DESCRIPTION

A vulnerability in the netconf interface of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on affected system. The vulnerability is due to improper handling of malformed requests processed by the netconf process. An attacker could exploit this vulnerability by sending malicious requests to the affected software. An exploit could allow the attacker to cause the targeted process to restart, resulting in a DoS condition on the affected system. Cisco Bug IDs: CSCvg95792. Cisco IOS XR The software contains a resource management vulnerability. Vendors have confirmed this vulnerability Bug ID CSCvg95792 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. Attackers can exploit this issue to cause the denial-of-service conditions

Trust: 1.98

sources: NVD: CVE-2018-0286 // JVNDB: JVNDB-2018-004602 // BID: 104083 // VULHUB: VHN-118488

AFFECTED PRODUCTS

vendor:	cisco	model:	ios xr	scope:	eq	version:	6.5.1	Trust: 1.0
vendor:	cisco	model:	ios xr	scope:	eq	version:	6.3.2	Trust: 1.0
vendor:	cisco	model:	ios xr	scope:	eq	version:	6.3.1	Trust: 1.0
vendor:	cisco	model:	ios xr	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	ios xr	scope:	eq	version:	6.3.2.base	Trust: 0.6
vendor:	cisco	model:	ios xr	scope:	eq	version:	6.3.1.base	Trust: 0.6
vendor:	cisco	model:	ios xr	scope:	eq	version:	6.5.1.base	Trust: 0.6
vendor:	cisco	model:	ios xr software	scope:	eq	version:	0	Trust: 0.3

sources: BID: 104083 // JVNDB: JVNDB-2018-004602 // CNNVD: CNNVD-201805-075 // NVD: CVE-2018-0286

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-0286
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-0286
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201805-075
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-118488
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-0286
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-118488
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-0286
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	CVE-2018-0286
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-118488 // JVNDB: JVNDB-2018-004602 // CNNVD: CNNVD-201805-075 // NVD: CVE-2018-0286

PROBLEMTYPE DATA

problemtype:	CWE-399	Trust: 1.9
problemtype:	CWE-755	Trust: 1.1

sources: VULHUB: VHN-118488 // JVNDB: JVNDB-2018-004602 // NVD: CVE-2018-0286

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201805-075

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201805-075

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-004602

PATCH

title:	cisco-sa-20180502-iosxr	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-iosxr	Trust: 0.8
title:	Cisco IOS XR Software netconf Repair measures for interface resource management error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79811	Trust: 0.6

sources: JVNDB: JVNDB-2018-004602 // CNNVD: CNNVD-201805-075

EXTERNAL IDS

db:	NVD	id:	CVE-2018-0286	Trust: 2.8
db:	BID	id:	104083	Trust: 2.0
db:	SECTRACK	id:	1040827	Trust: 1.7
db:	JVNDB	id:	JVNDB-2018-004602	Trust: 0.8
db:	CNNVD	id:	CNNVD-201805-075	Trust: 0.7
db:	VULHUB	id:	VHN-118488	Trust: 0.1

sources: VULHUB: VHN-118488 // BID: 104083 // JVNDB: JVNDB-2018-004602 // CNNVD: CNNVD-201805-075 // NVD: CVE-2018-0286

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180502-iosxr	Trust: 2.0
url:	http://www.securityfocus.com/bid/104083	Trust: 1.7
url:	http://www.securitytracker.com/id/1040827	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0286	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-0286	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-118488 // BID: 104083 // JVNDB: JVNDB-2018-004602 // CNNVD: CNNVD-201805-075 // NVD: CVE-2018-0286

CREDITS

Cisco

Trust: 0.3

sources: BID: 104083

SOURCES

db:	VULHUB	id:	VHN-118488
db:	BID	id:	104083
db:	JVNDB	id:	JVNDB-2018-004602
db:	CNNVD	id:	CNNVD-201805-075
db:	NVD	id:	CVE-2018-0286

LAST UPDATE DATE

2024-11-23T23:08:43.805000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-118488	date:	2020-09-09T00:00:00
db:	BID	id:	104083	date:	2018-05-02T00:00:00
db:	JVNDB	id:	JVNDB-2018-004602	date:	2018-06-25T00:00:00
db:	CNNVD	id:	CNNVD-201805-075	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2018-0286	date:	2024-11-21T03:37:53.890

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-118488	date:	2018-05-02T00:00:00
db:	BID	id:	104083	date:	2018-05-02T00:00:00
db:	JVNDB	id:	JVNDB-2018-004602	date:	2018-06-25T00:00:00
db:	CNNVD	id:	CNNVD-201805-075	date:	2018-05-03T00:00:00
db:	NVD	id:	CVE-2018-0286	date:	2018-05-02T22:29:01.263