ID

VAR-201810-0341


CVE

CVE-2018-0469


TITLE

Double-free vulnerability in Cisco IOS XE Software

Trust: 0.8

sources: JVNDB: JVNDB-2018-010838

DESCRIPTION

A vulnerability in the web user interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a double free in memory handling by the affected software when specific HTTP requests are processed. An attacker could exploit this vulnerability by sending specific HTTP requests to the web user interface of the affected software. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition on an affected device. To exploit this vulnerability, the attacker must have access to the management interface of the affected software, which is typically connected to a restricted management network. Cisco IOS XE Software contains a double-free vulnerability that may result in a denial of service (DoS) condition. The Cisco Catalyst 3650 and 3850 Series Switches are both Cisco switches. IOS XE Software is a set of operating systems developed by Cisco for its network devices. Cisco IOS XE Software is prone to a denial-of-service vulnerability.

Trust: 2.52

sources: NVD: CVE-2018-0469 // JVNDB: JVNDB-2018-010838 // CNVD: CNVD-2018-20257 // BID: 105423 // VULHUB: VHN-118671

IOT TAXONOMY

category: ['Network device'] // sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-20257

AFFECTED PRODUCTS

vendor: cisco // model: ios xe // scope: eq // version: 16.5.1

Trust: 1.6

vendor: cisco // model: ios xe // scope: - // version: -

Trust: 0.8

vendor: cisco // model: catalyst series switches // scope: eq // version: 3650

Trust: 0.6

vendor: cisco // model: catalyst series switches // scope: eq // version: 3850

Trust: 0.6

vendor: cisco // model: ios xe software // scope: eq // version: 16.9.1

Trust: 0.3

vendor: cisco // model: ios xe software // scope: eq // version: 16.8.1

Trust: 0.3

vendor: cisco // model: ios xe software // scope: eq // version: 16.2.2

Trust: 0.3

vendor: cisco // model: ios xe software // scope: eq // version: 16.6.2

Trust: 0.3

vendor: cisco // model: ios xe software // scope: eq // version: 16.6.1

Trust: 0.3

vendor: cisco // model: ios xe software // scope: eq // version: 16.3.5

Trust: 0.3

vendor: cisco // model: ios xe software // scope: eq // version: 16.3.4

Trust: 0.3

vendor: cisco // model: ios xe software // scope: eq // version: 16.3.3

Trust: 0.3

vendor: cisco // model: ios xe software // scope: eq // version: 16.3.2

Trust: 0.3

vendor: cisco // model: ios xe software // scope: eq // version: 16.3.1

Trust: 0.3

vendor: cisco // model: ios xe software // scope: eq // version: 16.3

Trust: 0.3

vendor: cisco // model: ios xe software // scope: eq // version: 16.2.1

Trust: 0.3

vendor: cisco // model: ios xe software // scope: eq // version: 16.2

Trust: 0.3

vendor: cisco // model: ios xe software // scope: eq // version: 16.1.1

Trust: 0.3

vendor: cisco // model: ios // scope: eq // version: 16.5.1

Trust: 0.3

vendor: cisco // model: catalyst series switches // scope: eq // version: 38500

Trust: 0.3

vendor: cisco // model: catalyst series switches // scope: eq // version: 36500

Trust: 0.3

sources: CNVD: CNVD-2018-20257 // BID: 105423 // JVNDB: JVNDB-2018-010838 // CNNVD: CNNVD-201809-1252 // NVD: CVE-2018-0469

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0469
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-0469
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2018-20257
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201809-1252
value: MEDIUM

Trust: 0.6

VULHUB: VHN-118671
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-0469
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-20257
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-118671
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0469
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 4.0
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-20257 // VULHUB: VHN-118671 // JVNDB: JVNDB-2018-010838 // CNNVD: CNNVD-201809-1252 // NVD: CVE-2018-0469

PROBLEMTYPE DATA

problemtype: CWE-415

Trust: 1.9

sources: VULHUB: VHN-118671 // JVNDB: JVNDB-2018-010838 // NVD: CVE-2018-0469

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201809-1252

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201809-1252

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-010838

PATCH

title: cisco-sa-20180926-webuidos // url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-webuidos

Trust: 0.8

title: Patch for Cisco Catalyst 3650 and 3850 Series Switches IOSXESoftware Denial of Service Vulnerabilities // url: https://www.cnvd.org.cn/patchInfo/show/141437

Trust: 0.6

title: Cisco Catalyst 3650 and 3850 Series Switches IOS XE Software Security vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=85261

Trust: 0.6

sources: CNVD: CNVD-2018-20257 // JVNDB: JVNDB-2018-010838 // CNNVD: CNNVD-201809-1252

EXTERNAL IDS

db: NVD // id: CVE-2018-0469

Trust: 3.4

db: BID // id: 105423

Trust: 2.0

db: SECTRACK // id: 1041737

Trust: 1.7

db: JVNDB // id: JVNDB-2018-010838

Trust: 0.8

db: CNNVD // id: CNNVD-201809-1252

Trust: 0.7

db: CNVD // id: CNVD-2018-20257

Trust: 0.6

db: VULHUB // id: VHN-118671

Trust: 0.1

sources: CNVD: CNVD-2018-20257 // VULHUB: VHN-118671 // BID: 105423 // JVNDB: JVNDB-2018-010838 // CNNVD: CNNVD-201809-1252 // NVD: CVE-2018-0469

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180926-webuidos

Trust: 2.6

url:http://www.securityfocus.com/bid/105423

Trust: 1.7

url:http://www.securitytracker.com/id/1041737

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0469

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-0469

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: CNVD: CNVD-2018-20257 // VULHUB: VHN-118671 // BID: 105423 // JVNDB: JVNDB-2018-010838 // CNNVD: CNNVD-201809-1252 // NVD: CVE-2018-0469

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 105423

SOURCES

db: CNVD // id: CNVD-2018-20257
db: VULHUB // id: VHN-118671
db: BID // id: 105423
db: JVNDB // id: JVNDB-2018-010838
db: CNNVD // id: CNNVD-201809-1252
db: NVD // id: CVE-2018-0469

LAST UPDATE DATE

2024-08-14T13:45:33.043000+00:00


SOURCES UPDATE DATE

db: CNVD // id: CNVD-2018-20257 // date: 2018-10-08T00:00:00
db: VULHUB // id: VHN-118671 // date: 2019-10-09T00:00:00
db: BID // id: 105423 // date: 2018-09-26T00:00:00
db: JVNDB // id: JVNDB-2018-010838 // date: 2018-12-25T00:00:00
db: CNNVD // id: CNNVD-201809-1252 // date: 2019-10-17T00:00:00
db: NVD // id: CVE-2018-0469 // date: 2019-10-09T23:32:09.367

SOURCES RELEASE DATE

db: CNVD // id: CNVD-2018-20257 // date: 2018-09-30T00:00:00
db: VULHUB // id: VHN-118671 // date: 2018-10-05T00:00:00
db: BID // id: 105423 // date: 2018-09-26T00:00:00
db: JVNDB // id: JVNDB-2018-010838 // date: 2018-12-25T00:00:00
db: CNNVD // id: CNNVD-201809-1252 // date: 2018-09-28T00:00:00
db: NVD // id: CVE-2018-0469 // date: 2018-10-05T14:29:04.683