Details of VAR-201808-0301

ID

VAR-201808-0301

CVE

CVE-2018-0418

TITLE

Cisco ASR 9000 Series Aggregation Services Routers Local Denial of Service Vulnerability

Trust: 0.9

sources: CNVD: CNVD-2018-17712 // BID: 105185

DESCRIPTION

A vulnerability in the Local Packet Transport Services (LPTS) feature set of Cisco ASR 9000 Series Aggregation Services Router Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of input and validation checking on certain Precision Time Protocol (PTP) ingress traffic to an affected device. An attacker could exploit this vulnerability by injecting malformed traffic into an affected device. A successful exploit could allow the attacker to cause services on the device to become unresponsive, resulting in a DoS condition. Cisco Bug IDs: CSCvj22858. Cisco ASR 9000 There are vulnerabilities related to input validation and resource exhaustion in the series. Vendors have confirmed this vulnerability Bug ID CSCvj22858 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. Cisco IOSXR for Cisco ASR9000 Series Aggregation Services Routers is an operating system running on 9000 Series routers. The LocalPacketTransportServices(LPTS) featureset in CiscoASR9000SeriesAggregationServicesRouterSoftware has a denial of service vulnerability

Trust: 2.52

sources: NVD: CVE-2018-0418 // JVNDB: JVNDB-2018-009158 // CNVD: CNVD-2018-17712 // BID: 105185 // VULHUB: VHN-118620

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2018-17712

AFFECTED PRODUCTS

vendor:	cisco	model:	ios xr	scope:	lte	version:	6.3.3_base	Trust: 1.0
vendor:	cisco	model:	ios xr	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	asr series aggregation services router software	scope:	eq	version:	9000	Trust: 0.6
vendor:	cisco	model:	ios xr	scope:	eq	version:	6.3.3_base	Trust: 0.6
vendor:	cisco	model:	asr series aggregation services routers	scope:	eq	version:	90000	Trust: 0.3

sources: CNVD: CNVD-2018-17712 // BID: 105185 // JVNDB: JVNDB-2018-009158 // CNNVD: CNNVD-201808-458 // NVD: CVE-2018-0418

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-0418
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-0418
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2018-17712
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201808-458
value:	HIGH
Trust: 0.6
VULHUB:	VHN-118620
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2018-0418
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2018-17712
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-118620
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-0418
baseSeverity:	HIGH
baseScore:	8.6
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	4.0
version:	3.1
Trust: 1.0
NVD:	CVE-2018-0418
baseSeverity:	HIGH
baseScore:	8.6
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2018-17712 // VULHUB: VHN-118620 // JVNDB: JVNDB-2018-009158 // CNNVD: CNNVD-201808-458 // NVD: CVE-2018-0418

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.9
problemtype:	CWE-400	Trust: 1.9

sources: VULHUB: VHN-118620 // JVNDB: JVNDB-2018-009158 // NVD: CVE-2018-0418

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201808-458

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201808-458

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-009158

PATCH

title:	cisco-sa-20180815-asr-ptp-dos	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180815-asr-ptp-dos	Trust: 0.8
title:	Patch for Cisco ASR9000SeriesAggregationServicesRouters Local Denial of Service Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/139607	Trust: 0.6
title:	Cisco ASR 9000 Series Aggregation Services Router Software Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=83758	Trust: 0.6

sources: CNVD: CNVD-2018-17712 // JVNDB: JVNDB-2018-009158 // CNNVD: CNNVD-201808-458

EXTERNAL IDS

db:	NVD	id:	CVE-2018-0418	Trust: 3.4
db:	BID	id:	105185	Trust: 2.6
db:	SECTRACK	id:	1041538	Trust: 1.7
db:	JVNDB	id:	JVNDB-2018-009158	Trust: 0.8
db:	CNNVD	id:	CNNVD-201808-458	Trust: 0.7
db:	CNVD	id:	CNVD-2018-17712	Trust: 0.6
db:	VULHUB	id:	VHN-118620	Trust: 0.1

sources: CNVD: CNVD-2018-17712 // VULHUB: VHN-118620 // BID: 105185 // JVNDB: JVNDB-2018-009158 // CNNVD: CNNVD-201808-458 // NVD: CVE-2018-0418

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180815-asr-ptp-dos	Trust: 2.6
url:	http://www.securityfocus.com/bid/105185	Trust: 1.7
url:	http://www.securitytracker.com/id/1041538	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0418	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-0418	Trust: 0.8
url:	http://www.cisco.com	Trust: 0.3

sources: CNVD: CNVD-2018-17712 // VULHUB: VHN-118620 // BID: 105185 // JVNDB: JVNDB-2018-009158 // CNNVD: CNNVD-201808-458 // NVD: CVE-2018-0418

CREDITS

Cisco

Trust: 0.3

sources: BID: 105185

SOURCES

db:	CNVD	id:	CNVD-2018-17712
db:	VULHUB	id:	VHN-118620
db:	BID	id:	105185
db:	JVNDB	id:	JVNDB-2018-009158
db:	CNNVD	id:	CNNVD-201808-458
db:	NVD	id:	CVE-2018-0418

LAST UPDATE DATE

2024-11-23T22:30:19.293000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-17712	date:	2018-09-06T00:00:00
db:	VULHUB	id:	VHN-118620	date:	2020-08-31T00:00:00
db:	BID	id:	105185	date:	2018-08-15T00:00:00
db:	JVNDB	id:	JVNDB-2018-009158	date:	2018-11-09T00:00:00
db:	CNNVD	id:	CNNVD-201808-458	date:	2020-10-22T00:00:00
db:	NVD	id:	CVE-2018-0418	date:	2024-11-21T03:38:11.260

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2018-17712	date:	2018-09-06T00:00:00
db:	VULHUB	id:	VHN-118620	date:	2018-08-15T00:00:00
db:	BID	id:	105185	date:	2018-08-15T00:00:00
db:	JVNDB	id:	JVNDB-2018-009158	date:	2018-11-09T00:00:00
db:	CNNVD	id:	CNNVD-201808-458	date:	2018-08-16T00:00:00
db:	NVD	id:	CVE-2018-0418	date:	2018-08-15T20:29:01.017