ID

VAR-201810-0339


CVE

CVE-2018-0466


TITLE

Cisco IOS and Cisco IOS XE Software resource management vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-013263

DESCRIPTION

A vulnerability in the Open Shortest Path First version 3 (OSPFv3) implementation in Cisco IOS and IOS XE Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload. The vulnerability is due to incorrect handling of specific OSPFv3 packets. An attacker could exploit this vulnerability by sending crafted OSPFv3 Link-State Advertisements (LSA) to an affected device. An exploit could allow the attacker to cause an affected device to reload, leading to a denial of service (DoS) condition. Cisco IOS and Cisco IOS XE Software contain a resource management vulnerability. Service operation may be interrupted (DoS).

Trust: 2.52

sources: NVD: CVE-2018-0466 // JVNDB: JVNDB-2018-013263 // CNVD: CNVD-2018-20235 // BID: 105403 // VULHUB: VHN-118668

IOT TAXONOMY

category: ['Network device'] // sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-20235

AFFECTED PRODUCTS

vendor: cisco // model: ios // scope: eq // version: 16.2.1

Trust: 1.6

vendor: cisco // model: ios xe // scope: eq // version: 16.2.1

Trust: 1.6

vendor: cisco // model: ios xe // scope: - // version: -

Trust: 1.4

vendor: cisco // model: ios // scope: - // version: -

Trust: 1.4

vendor: rockwell // model: automation allen-bradley stratix // scope: eq // version: 83000

Trust: 0.3

vendor: rockwell // model: automation allen-bradley stratix 15.2 e0a // scope: eq // version: 8000

Trust: 0.3

vendor: rockwell // model: automation allen-bradley stratix 15.2 ea.fc4 // scope: eq // version: 8000

Trust: 0.3

vendor: rockwell // model: automation allen-bradley stratix 15.2 e0a // scope: eq // version: 5700

Trust: 0.3

vendor: rockwell // model: automation allen-bradley stratix 15.2 ea.fc4 // scope: eq // version: 5700

Trust: 0.3

vendor: rockwell // model: automation allen-bradley stratix 15.2 e0a // scope: eq // version: 5410

Trust: 0.3

vendor: rockwell // model: automation allen-bradley stratix 15.2 ea.fc4 // scope: eq // version: 5410

Trust: 0.3

vendor: rockwell // model: automation allen-bradley stratix 15.2 ea3 // scope: eq // version: 5410

Trust: 0.3

vendor: rockwell // model: automation allen-bradley stratix 15.2 eb // scope: eq // version: 5410

Trust: 0.3

vendor: rockwell // model: automation allen-bradley stratix 15.2 e0a // scope: eq // version: 5400

Trust: 0.3

vendor: rockwell // model: automation allen-bradley stratix 15.2 ea.fc4 // scope: eq // version: 5400

Trust: 0.3

vendor: rockwell // model: automation allen-bradley stratix 15.2 ea3 // scope: eq // version: 5400

Trust: 0.3

vendor: rockwell // model: automation allen-bradley stratix 15.2 ea2 // scope: eq // version: 5400

Trust: 0.3

vendor: rockwell // model: automation allen-bradley stratix 15.2 ea1 // scope: eq // version: 5400

Trust: 0.3

vendor: rockwell // model: automation allen-bradley armorstratix 15.2 e0a // scope: eq // version: 5700

Trust: 0.3

vendor: rockwell // model: automation allen-bradley armorstratix 15.2 ea.fc4 // scope: eq // version: 5700

Trust: 0.3

vendor: rockwall // model: automation allen-bradley stratix 15.2 ea3 // scope: eq // version: 8000

Trust: 0.3

vendor: rockwall // model: automation allen-bradley stratix 15.2 ea3 // scope: eq // version: 5700

Trust: 0.3

vendor: rockwall // model: automation allen-bradley armorstratix 15.2 ea3 // scope: eq // version: 5700

Trust: 0.3

vendor: cisco // model: ios xe software // scope: eq // version: 0

Trust: 0.3

vendor: cisco // model: ios // scope: eq // version: 0

Trust: 0.3

vendor: rockwell // model: automation allen-bradley stratix 15.2 ea7 // scope: ne // version: 8300

Trust: 0.3

vendor: rockwell // model: automation allen-bradley stratix 15.2 e2a // scope: ne // version: 8000

Trust: 0.3

vendor: rockwell // model: automation allen-bradley stratix 15.2 e2a // scope: ne // version: 5700

Trust: 0.3

vendor: rockwell // model: automation allen-bradley stratix 15.2 e2a // scope: ne // version: 5410

Trust: 0.3

vendor: rockwell // model: automation allen-bradley stratix 15.2 e2a // scope: ne // version: 5400

Trust: 0.3

vendor: rockwell // model: automation allen-bradley armorstratix 15.2 e2a // scope: ne // version: 5700

Trust: 0.3

sources: CNVD: CNVD-2018-20235 // BID: 105403 // JVNDB: JVNDB-2018-013263 // CNNVD: CNNVD-201809-1236 // NVD: CVE-2018-0466

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0466
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-0466
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2018-20235
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201809-1236
value: MEDIUM

Trust: 0.6

VULHUB: VHN-118668
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-0466
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-20235
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-118668
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0466
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-20235 // VULHUB: VHN-118668 // JVNDB: JVNDB-2018-013263 // CNNVD: CNNVD-201809-1236 // NVD: CVE-2018-0466

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.9

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: VULHUB: VHN-118668 // JVNDB: JVNDB-2018-013263 // NVD: CVE-2018-0466

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201809-1236

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201809-1236

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-013263

PATCH

title: cisco-sa-20180926-ospfv3-dos // url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-ospfv3-dos

Trust: 0.8

title: Patch for Cisco IOS and IOSXE Denial of Service Vulnerability (CNVD-2018-20235) // url: https://www.cnvd.org.cn/patchInfo/show/141423

Trust: 0.6

title: Cisco IOS Software and IOS XE Software Remediation of resource management error vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91652

Trust: 0.6

sources: CNVD: CNVD-2018-20235 // JVNDB: JVNDB-2018-013263 // CNNVD: CNNVD-201809-1236

EXTERNAL IDS

db: NVD // id: CVE-2018-0466

Trust: 3.4

db: ICS CERT // id: ICSA-19-094-03

Trust: 2.8

db: BID // id: 105403

Trust: 2.0

db: SECTRACK // id: 1041737

Trust: 1.7

db: JVNDB // id: JVNDB-2018-013263

Trust: 0.8

db: CNNVD // id: CNNVD-201809-1236

Trust: 0.7

db: CNVD // id: CNVD-2018-20235

Trust: 0.6

db: ICS CERT // id: ICSA-19-094-02

Trust: 0.6

db: NSFOCUS // id: 43557

Trust: 0.6

db: AUSCERT // id: ESB-2019.1153

Trust: 0.6

db: VULHUB // id: VHN-118668

Trust: 0.1

sources: CNVD: CNVD-2018-20235 // VULHUB: VHN-118668 // BID: 105403 // JVNDB: JVNDB-2018-013263 // CNNVD: CNNVD-201809-1236 // NVD: CVE-2018-0466

REFERENCES

url:http://www.securityfocus.com/bid/105403

Trust: 2.9

url:https://ics-cert.us-cert.gov/advisories/icsa-19-094-03

Trust: 2.8

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180926-ospfv3-dos

Trust: 2.6

url:http://www.securitytracker.com/id/1041737

Trust: 1.7

url:http://www.cisco.com/

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0466

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-0466

Trust: 0.8

url:https://ics-cert.us-cert.gov/advisories/icsa-19-094-02

Trust: 0.6

url:https://www.auscert.org.au/bulletins/78478

Trust: 0.6

url:http://www.nsfocus.net/vulndb/43557

Trust: 0.6

sources: CNVD: CNVD-2018-20235 // VULHUB: VHN-118668 // BID: 105403 // JVNDB: JVNDB-2018-013263 // CNNVD: CNNVD-201809-1236 // NVD: CVE-2018-0466

CREDITS

The vendor reported this issue. Rockwell Automation reported these vulnerabilities to NCCIC.

Trust: 0.6

sources: CNNVD: CNNVD-201809-1236

SOURCES

db: CNVD // id: CNVD-2018-20235
db: VULHUB // id: VHN-118668
db: BID // id: 105403
db: JVNDB // id: JVNDB-2018-013263
db: CNNVD // id: CNNVD-201809-1236
db: NVD // id: CVE-2018-0466

LAST UPDATE DATE

2024-08-14T13:45:32.695000+00:00


SOURCES UPDATE DATE

db: CNVD // id: CNVD-2018-20235 // date: 2018-09-30T00:00:00
db: VULHUB // id: VHN-118668 // date: 2019-10-03T00:00:00
db: BID // id: 105403 // date: 2019-04-05T07:00:00
db: JVNDB // id: JVNDB-2018-013263 // date: 2019-04-10T00:00:00
db: CNNVD // id: CNNVD-201809-1236 // date: 2019-10-23T00:00:00
db: NVD // id: CVE-2018-0466 // date: 2019-10-03T00:03:26.223

SOURCES RELEASE DATE

db: CNVD // id: CNVD-2018-20235 // date: 2018-09-30T00:00:00
db: VULHUB // id: VHN-118668 // date: 2018-10-05T00:00:00
db: BID // id: 105403 // date: 2018-09-26T00:00:00
db: JVNDB // id: JVNDB-2018-013263 // date: 2019-02-18T00:00:00
db: CNNVD // id: CNNVD-201809-1236 // date: 2018-09-28T00:00:00
db: NVD // id: CVE-2018-0466 // date: 2018-10-05T14:29:04.467