Details of VAR-201810-0299

ID

VAR-201810-0299

CVE

CVE-2018-0421

TITLE

Cisco Prime Access Registrar Resource management vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-012995

DESCRIPTION

A vulnerability in TCP connection management in Cisco Prime Access Registrar could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition when the application unexpectedly restarts. The vulnerability is due to incorrect handling of incoming TCP SYN packets to specific listening ports. The improper handling of the TCP SYN packets could cause a system file description to be allocated and not freed. An attacker could exploit this vulnerability by sending a crafted stream of TCP SYN packets to the application. A successful exploit could allow the attacker to cause the application to eventually restart if a file description cannot be obtained. Multiple Cisco Products are prone to a denial-of-service vulnerability. This issue is being tracked by Cisco Bug ID CSCvk08672. Both Cisco Prime Access Registrar and Prime Access Registrar Jumpstar are the Cisco Prime Access Registrar of Cisco (Cisco)

Trust: 1.98

sources: NVD: CVE-2018-0421 // JVNDB: JVNDB-2018-012995 // BID: 105282 // VULHUB: VHN-118623

AFFECTED PRODUCTS

vendor:	cisco	model:	prime access registrar	scope:	gte	version:	7.3	Trust: 1.0
vendor:	cisco	model:	prime access registrar	scope:	gte	version:	8.0	Trust: 1.0
vendor:	cisco	model:	prime access registrar	scope:	lt	version:	8.0.1.1	Trust: 1.0
vendor:	cisco	model:	prime access registrar jumpstart	scope:	gte	version:	8.0	Trust: 1.0
vendor:	cisco	model:	prime access registrar jumpstart	scope:	lt	version:	7.3.0.4	Trust: 1.0
vendor:	cisco	model:	prime access registrar jumpstart	scope:	gte	version:	7.3	Trust: 1.0
vendor:	cisco	model:	prime access registrar	scope:	lt	version:	7.3.0.4	Trust: 1.0
vendor:	cisco	model:	prime access registrar jumpstart	scope:	lt	version:	8.0.1.1	Trust: 1.0
vendor:	cisco	model:	prime access registrar	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	prime access registrar jumpstart	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	prime access registrar jumpstart	scope:	eq	version:	7.2	Trust: 0.3
vendor:	cisco	model:	prime access registrar	scope:	eq	version:	7.1	Trust: 0.3
vendor:	cisco	model:	prime access registrar	scope:	eq	version:	7.2	Trust: 0.3
vendor:	cisco	model:	prime access registrar	scope:	eq	version:	7.0.1.7	Trust: 0.3
vendor:	cisco	model:	prime access registrar jumpstart	scope:	ne	version:	8.0.1.1	Trust: 0.3
vendor:	cisco	model:	prime access registrar jumpstart	scope:	ne	version:	7.3.0.4	Trust: 0.3
vendor:	cisco	model:	prime access registrar	scope:	ne	version:	8.0.1.1	Trust: 0.3
vendor:	cisco	model:	prime access registrar	scope:	ne	version:	7.3.0.4	Trust: 0.3

sources: BID: 105282 // JVNDB: JVNDB-2018-012995 // NVD: CVE-2018-0421

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-0421
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-0421
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201809-265
value:	HIGH
Trust: 0.6
VULHUB:	VHN-118623
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-0421
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-118623
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-0421
baseSeverity:	HIGH
baseScore:	8.6
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	4.0
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-118623 // JVNDB: JVNDB-2018-012995 // CNNVD: CNNVD-201809-265 // NVD: CVE-2018-0421

PROBLEMTYPE DATA

problemtype:	CWE-399	Trust: 1.8
problemtype:	CWE-772	Trust: 1.1

sources: VULHUB: VHN-118623 // JVNDB: JVNDB-2018-012995 // NVD: CVE-2018-0421

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201809-265

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201809-265

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-012995

PATCH

title:	cisco-sa-20180905-cpar-dos	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-cpar-dos	Trust: 0.8
title:	Cisco Prime Access Registrar and Prime Access Registrar Jumpstar Resource Management Error Vulnerability Repair measures	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84596	Trust: 0.6

sources: JVNDB: JVNDB-2018-012995 // CNNVD: CNNVD-201809-265

EXTERNAL IDS

db:	NVD	id:	CVE-2018-0421	Trust: 2.8
db:	BID	id:	105282	Trust: 2.0
db:	SECTRACK	id:	1041684	Trust: 1.7
db:	JVNDB	id:	JVNDB-2018-012995	Trust: 0.8
db:	CNNVD	id:	CNNVD-201809-265	Trust: 0.7
db:	VULHUB	id:	VHN-118623	Trust: 0.1

sources: VULHUB: VHN-118623 // BID: 105282 // JVNDB: JVNDB-2018-012995 // CNNVD: CNNVD-201809-265 // NVD: CVE-2018-0421

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180905-cpar-dos	Trust: 2.0
url:	http://www.securityfocus.com/bid/105282	Trust: 1.7
url:	http://www.securitytracker.com/id/1041684	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0421	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-0421	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-118623 // BID: 105282 // JVNDB: JVNDB-2018-012995 // CNNVD: CNNVD-201809-265 // NVD: CVE-2018-0421

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 105282

SOURCES

db:	VULHUB	id:	VHN-118623
db:	BID	id:	105282
db:	JVNDB	id:	JVNDB-2018-012995
db:	CNNVD	id:	CNNVD-201809-265
db:	NVD	id:	CVE-2018-0421

LAST UPDATE DATE

2024-11-23T23:04:57.507000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-118623	date:	2019-10-09T00:00:00
db:	BID	id:	105282	date:	2018-09-05T00:00:00
db:	JVNDB	id:	JVNDB-2018-012995	date:	2019-02-12T00:00:00
db:	CNNVD	id:	CNNVD-201809-265	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2018-0421	date:	2024-11-21T03:38:11.630

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-118623	date:	2018-10-05T00:00:00
db:	BID	id:	105282	date:	2018-09-05T00:00:00
db:	JVNDB	id:	JVNDB-2018-012995	date:	2019-02-12T00:00:00
db:	CNNVD	id:	CNNVD-201809-265	date:	2018-09-06T00:00:00
db:	NVD	id:	CVE-2018-0421	date:	2018-10-05T14:29:00.623