Sign-up

ID

VAR-201810-0341


CVE

CVE-2018-0469


TITLE

Cisco IOS XE Double release vulnerability in software

Trust: 0.8

sources: JVNDB: JVNDB-2018-010838

DESCRIPTION

A vulnerability in the web user interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a double-free-in-memory handling by the affected software when specific HTTP requests are processed. An attacker could exploit this vulnerability by sending specific HTTP requests to the web user interface of the affected software. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition on an affected device. To exploit this vulnerability, the attacker must have access to the management interface of the affected software, which is typically connected to a restricted management network. Cisco IOS XE The software contains a double release vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. The Cisco Catalyst 3650 and 3850 Series Switches are both Cisco switches. IOSXESoftware is a set of operating systems developed by Cisco for its network devices. Cisco IOS XE Software is prone to a denial-of-service vulnerability

Trust: 2.52

sources: NVD: CVE-2018-0469 // JVNDB: JVNDB-2018-010838 // CNVD: CNVD-2018-20257 // BID: 105423 // VULHUB: VHN-118671

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-20257

AFFECTED PRODUCTS

vendor:ciscomodel:ios xescope:eqversion:16.5.1

Trust: 1.6

vendor:ciscomodel:ios xescope: - version: -

Trust: 0.8

vendor:ciscomodel:catalyst series switchesscope:eqversion:3650

Trust: 0.6

vendor:ciscomodel:catalyst series switchesscope:eqversion:3850

Trust: 0.6

vendor:ciscomodel:ios xe softwarescope:eqversion:16.9.1

Trust: 0.3

vendor:ciscomodel:ios xe softwarescope:eqversion:16.8.1

Trust: 0.3

vendor:ciscomodel:ios xe softwarescope:eqversion:16.2.2

Trust: 0.3

vendor:ciscomodel:ios xe softwarescope:eqversion:16.6.2

Trust: 0.3

vendor:ciscomodel:ios xe softwarescope:eqversion:16.6.1

Trust: 0.3

vendor:ciscomodel:ios xe softwarescope:eqversion:16.3.5

Trust: 0.3

vendor:ciscomodel:ios xe softwarescope:eqversion:16.3.4

Trust: 0.3

vendor:ciscomodel:ios xe softwarescope:eqversion:16.3.3

Trust: 0.3

vendor:ciscomodel:ios xe softwarescope:eqversion:16.3.2

Trust: 0.3

vendor:ciscomodel:ios xe softwarescope:eqversion:16.3.1

Trust: 0.3

vendor:ciscomodel:ios xe softwarescope:eqversion:16.3

Trust: 0.3

vendor:ciscomodel:ios xe softwarescope:eqversion:16.2.1

Trust: 0.3

vendor:ciscomodel:ios xe softwarescope:eqversion:16.2

Trust: 0.3

vendor:ciscomodel:ios xe softwarescope:eqversion:16.1.1

Trust: 0.3

vendor:ciscomodel:iosscope:eqversion:16.5.1

Trust: 0.3

vendor:ciscomodel:catalyst series switchesscope:eqversion:38500

Trust: 0.3

vendor:ciscomodel:catalyst series switchesscope:eqversion:36500

Trust: 0.3

sources: CNVD: CNVD-2018-20257 // BID: 105423 // JVNDB: JVNDB-2018-010838 // CNNVD: CNNVD-201809-1252 // NVD: CVE-2018-0469

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0469
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-0469
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2018-20257
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201809-1252
value: MEDIUM

Trust: 0.6

VULHUB: VHN-118671
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-0469
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-20257
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-118671
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0469
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 4.0
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-20257 // VULHUB: VHN-118671 // JVNDB: JVNDB-2018-010838 // CNNVD: CNNVD-201809-1252 // NVD: CVE-2018-0469

PROBLEMTYPE DATA

problemtype:CWE-415

Trust: 1.9

sources: VULHUB: VHN-118671 // JVNDB: JVNDB-2018-010838 // NVD: CVE-2018-0469

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201809-1252

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201809-1252

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-010838

PATCH
title:cisco-sa-20180926-webuidosurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-webuidos
Trust: 0.8
title:Patch for Cisco Catalyst 3650 and 3850 Series Switches IOSXESoftware Denial of Service Vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/141437
Trust: 0.6
title:Cisco Catalyst 3650  and 3850 Series Switches IOS XE Software Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=85261
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-20257 // 
            
            
            
            JVNDB: JVNDB-2018-010838 // 
            
            
            
            CNNVD: CNNVD-201809-1252

EXTERNAL IDS
db:NVDid:CVE-2018-0469
Trust: 3.4
db:BIDid:105423
Trust: 2.0
db:SECTRACKid:1041737
Trust: 1.7
db:JVNDBid:JVNDB-2018-010838
Trust: 0.8
db:CNNVDid:CNNVD-201809-1252
Trust: 0.7
db:CNVDid:CNVD-2018-20257
Trust: 0.6
db:VULHUBid:VHN-118671
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-20257 // 
            
            
            
            VULHUB: VHN-118671 // 
            
            
            
            BID: 105423 // 
            
            
            
            JVNDB: JVNDB-2018-010838 // 
            
            
            
            CNNVD: CNNVD-201809-1252 // 
            
            
            
            NVD: CVE-2018-0469

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180926-webuidos
Trust: 2.6
url:http://www.securityfocus.com/bid/105423
Trust: 1.7
url:http://www.securitytracker.com/id/1041737
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0469
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0469
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2018-20257 // 
            
            
            
            VULHUB: VHN-118671 // 
            
            
            
            BID: 105423 // 
            
            
            
            JVNDB: JVNDB-2018-010838 // 
            
            
            
            CNNVD: CNNVD-201809-1252 // 
            
            
            
            NVD: CVE-2018-0469

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 105423

SOURCES
db:CNVDid:CNVD-2018-20257
db:VULHUBid:VHN-118671
db:BIDid:105423
db:JVNDBid:JVNDB-2018-010838
db:CNNVDid:CNNVD-201809-1252
db:NVDid:CVE-2018-0469

LAST UPDATE DATE
2024-08-14T13:45:33.043000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-20257date:2018-10-08T00:00:00
db:VULHUBid:VHN-118671date:2019-10-09T00:00:00
db:BIDid:105423date:2018-09-26T00:00:00
db:JVNDBid:JVNDB-2018-010838date:2018-12-25T00:00:00
db:CNNVDid:CNNVD-201809-1252date:2019-10-17T00:00:00
db:NVDid:CVE-2018-0469date:2019-10-09T23:32:09.367

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-20257date:2018-09-30T00:00:00
db:VULHUBid:VHN-118671date:2018-10-05T00:00:00
db:BIDid:105423date:2018-09-26T00:00:00
db:JVNDBid:JVNDB-2018-010838date:2018-12-25T00:00:00
db:CNNVDid:CNNVD-201809-1252date:2018-09-28T00:00:00
db:NVDid:CVE-2018-0469date:2018-10-05T14:29:04.683