ID

VAR-201810-0345


CVE

CVE-2018-0473


TITLE

Cisco IOS Software resource management vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-013054

DESCRIPTION

A vulnerability in the Precision Time Protocol (PTP) subsystem of Cisco IOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition of the Precision Time Protocol. The vulnerability is due to insufficient processing of PTP packets. An attacker could exploit this vulnerability by sending a custom PTP packet to, or through, an affected device. A successful exploit could allow the attacker to cause a DoS condition for the PTP subsystem, resulting in time synchronization issues across the network. Cisco IOS The software contains a resource management vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. The Cisco 2500 Series Connected Grid Switches and so on are all different types of switches from Cisco. Attackers can exploit this issue to cause denial-of-service conditions. This issue is being tracked by Cisco Bug ID CSCvf94015 and CSCvh77659

Trust: 2.52

sources: NVD: CVE-2018-0473 // JVNDB: JVNDB-2018-013054 // CNVD: CNVD-2018-20260 // BID: 105427 // VULHUB: VHN-118675

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-20260

AFFECTED PRODUCTS

vendor:ciscomodel:iosscope:eqversion:15.2\(5\)

Trust: 1.6

vendor:ciscomodel:iosscope:eqversion:15.2\(4\)e

Trust: 1.6

vendor:ciscomodel:iosscope: - version: -

Trust: 0.8

vendor:ciscomodel:industrial ethernet series switchesscope:eqversion:2000

Trust: 0.6

vendor:ciscomodel:industrial ethernet series switchesscope:eqversion:4010

Trust: 0.6

vendor:ciscomodel:series connected grid switchesscope:eqversion:2500

Trust: 0.6

vendor:ciscomodel:connected grid ethernet switch module interface cardscope: - version: -

Trust: 0.6

vendor:ciscomodel:industrial ethernet 2000u series switchesscope: - version: -

Trust: 0.6

vendor:ciscomodel:industrial ethernet series switchesscope:eqversion:3000

Trust: 0.6

vendor:ciscomodel:industrial ethernet series switchesscope:eqversion:3010

Trust: 0.6

vendor:ciscomodel:industrial ethernet series switchesscope:eqversion:4000

Trust: 0.6

vendor:ciscomodel:industrial ethernet series switchesscope:eqversion:5000

Trust: 0.6

vendor:rockwellmodel:automation allen-bradley stratixscope:eqversion:83000

Trust: 0.3

vendor:rockwellmodel:automation allen-bradley stratix 15.2 e0ascope:eqversion:8000

Trust: 0.3

vendor:rockwellmodel:automation allen-bradley stratix 15.2 ea.fc4scope:eqversion:8000

Trust: 0.3

vendor:rockwellmodel:automation allen-bradley stratix 15.2 e0ascope:eqversion:5700

Trust: 0.3

vendor:rockwellmodel:automation allen-bradley stratix 15.2 ea.fc4scope:eqversion:5700

Trust: 0.3

vendor:rockwellmodel:automation allen-bradley stratix 15.2 e0ascope:eqversion:5410

Trust: 0.3

vendor:rockwellmodel:automation allen-bradley stratix 15.2 ea.fc4scope:eqversion:5410

Trust: 0.3

vendor:rockwellmodel:automation allen-bradley stratix 15.2 ea3scope:eqversion:5410

Trust: 0.3

vendor:rockwellmodel:automation allen-bradley stratix 15.2 ebscope:eqversion:5410

Trust: 0.3

vendor:rockwellmodel:automation allen-bradley stratix 15.2 e0ascope:eqversion:5400

Trust: 0.3

vendor:rockwellmodel:automation allen-bradley stratix 15.2 ea.fc4scope:eqversion:5400

Trust: 0.3

vendor:rockwellmodel:automation allen-bradley stratix 15.2 ea3scope:eqversion:5400

Trust: 0.3

vendor:rockwellmodel:automation allen-bradley stratix 15.2 ea2scope:eqversion:5400

Trust: 0.3

vendor:rockwellmodel:automation allen-bradley stratix 15.2 ea1scope:eqversion:5400

Trust: 0.3

vendor:rockwellmodel:automation allen-bradley armorstratix 15.2 e0ascope:eqversion:5700

Trust: 0.3

vendor:rockwellmodel:automation allen-bradley armorstratix 15.2 ea.fc4scope:eqversion:5700

Trust: 0.3

vendor:rockwallmodel:automation allen-bradley stratix 15.2 ea3scope:eqversion:8000

Trust: 0.3

vendor:rockwallmodel:automation allen-bradley armorstratix 15.2 ea3scope:eqversion:5700

Trust: 0.3

vendor:ciscomodel:ios softwarescope:eqversion:0

Trust: 0.3

vendor:ciscomodel:industrial ethernet series switchesscope:eqversion:50000

Trust: 0.3

vendor:ciscomodel:industrial ethernet series switchesscope:eqversion:40100

Trust: 0.3

vendor:ciscomodel:industrial ethernet series switchesscope:eqversion:40000

Trust: 0.3

vendor:ciscomodel:industrial ethernet series switchesscope:eqversion:30100

Trust: 0.3

vendor:ciscomodel:industrial ethernet series switchesscope:eqversion:30000

Trust: 0.3

vendor:ciscomodel:industrial ethernet 2000u series switchesscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:industrial ethernet series switchesscope:eqversion:20000

Trust: 0.3

vendor:ciscomodel:connected grid ethernet switch module interface cardscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:series connected grid switchesscope:eqversion:25000

Trust: 0.3

vendor:rockwellmodel:automation allen-bradley stratix 15.2 ea7scope:neversion:8300

Trust: 0.3

vendor:rockwellmodel:automation allen-bradley stratix 15.2 e2ascope:neversion:8000

Trust: 0.3

vendor:rockwellmodel:automation allen-bradley stratix 15.2 e2ascope:neversion:5700

Trust: 0.3

vendor:rockwellmodel:automation allen-bradley stratix 15.2 e2ascope:neversion:5410

Trust: 0.3

vendor:rockwellmodel:automation allen-bradley stratix 15.2 e2ascope:neversion:5400

Trust: 0.3

vendor:rockwellmodel:automation allen-bradley armorstratix 15.2 e2ascope:neversion:5700

Trust: 0.3

sources: CNVD: CNVD-2018-20260 // BID: 105427 // JVNDB: JVNDB-2018-013054 // CNNVD: CNNVD-201809-1255 // NVD: CVE-2018-0473

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0473
value: HIGH

Trust: 1.0

NVD: CVE-2018-0473
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-20260
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201809-1255
value: HIGH

Trust: 0.6

VULHUB: VHN-118675
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-0473
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-20260
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-118675
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0473
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.0
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-20260 // VULHUB: VHN-118675 // JVNDB: JVNDB-2018-013054 // CNNVD: CNNVD-201809-1255 // NVD: CVE-2018-0473

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.9

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: VULHUB: VHN-118675 // JVNDB: JVNDB-2018-013054 // NVD: CVE-2018-0473

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201809-1255

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201809-1255

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-013054

PATCH

title:cisco-sa-20180926-ptpurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-ptp

Trust: 0.8

title:Cisco IOS Software PrecisionTimeProtocol denies service patch vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/141457

Trust: 0.6

title:Multiple Cisco product IOS Software Precision Time Protocol Fixes for Subsystem Resource Management Error Vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=85264

Trust: 0.6

sources: CNVD: CNVD-2018-20260 // JVNDB: JVNDB-2018-013054 // CNNVD: CNNVD-201809-1255

EXTERNAL IDS

db:NVDid:CVE-2018-0473

Trust: 3.4

db:ICS CERTid:ICSA-19-094-03

Trust: 2.8

db:BIDid:105427

Trust: 2.0

db:SECTRACKid:1041737

Trust: 1.7

db:JVNDBid:JVNDB-2018-013054

Trust: 0.8

db:CNNVDid:CNNVD-201809-1255

Trust: 0.7

db:CNVDid:CNVD-2018-20260

Trust: 0.6

db:AUSCERTid:ESB-2018.2903.2

Trust: 0.6

db:AUSCERTid:ESB-2019.1153

Trust: 0.6

db:ICS CERTid:ICSA-19-094-02

Trust: 0.6

db:VULHUBid:VHN-118675

Trust: 0.1

sources: CNVD: CNVD-2018-20260 // VULHUB: VHN-118675 // BID: 105427 // JVNDB: JVNDB-2018-013054 // CNNVD: CNNVD-201809-1255 // NVD: CVE-2018-0473

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180926-ptp

Trust: 3.2

url:http://www.securityfocus.com/bid/105427

Trust: 2.9

url:https://ics-cert.us-cert.gov/advisories/icsa-19-094-03

Trust: 2.8

url:http://www.securitytracker.com/id/1041737

Trust: 1.7

url:http://www.cisco.com/c/en/us/products/ios-nx-os-software/ios-xe/index.html

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0473

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-0473

Trust: 0.8

url:https://ics-cert.us-cert.gov/advisories/icsa-19-094-02

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180926-ir800-memwrite

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2018.2903.2/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/78478

Trust: 0.6

url:http://www.cisco.com/

Trust: 0.3

sources: CNVD: CNVD-2018-20260 // VULHUB: VHN-118675 // BID: 105427 // JVNDB: JVNDB-2018-013054 // CNNVD: CNNVD-201809-1255 // NVD: CVE-2018-0473

CREDITS

The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.,Cisco,Rockwell Automation reported these vulnerabilities to NCCIC.

Trust: 0.6

sources: CNNVD: CNNVD-201809-1255

SOURCES

db:CNVDid:CNVD-2018-20260
db:VULHUBid:VHN-118675
db:BIDid:105427
db:JVNDBid:JVNDB-2018-013054
db:CNNVDid:CNNVD-201809-1255
db:NVDid:CVE-2018-0473

LAST UPDATE DATE

2024-08-14T13:45:32.540000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2018-20260date:2018-09-30T00:00:00
db:VULHUBid:VHN-118675date:2019-10-03T00:00:00
db:BIDid:105427date:2019-04-05T07:00:00
db:JVNDBid:JVNDB-2018-013054date:2019-04-10T00:00:00
db:CNNVDid:CNNVD-201809-1255date:2019-10-23T00:00:00
db:NVDid:CVE-2018-0473date:2019-10-03T00:03:26.223

SOURCES RELEASE DATE

db:CNVDid:CNVD-2018-20260date:2018-09-30T00:00:00
db:VULHUBid:VHN-118675date:2018-10-05T00:00:00
db:BIDid:105427date:2018-09-26T00:00:00
db:JVNDBid:JVNDB-2018-013054date:2019-02-14T00:00:00
db:CNNVDid:CNNVD-201809-1255date:2018-09-28T00:00:00
db:NVDid:CVE-2018-0473date:2018-10-05T14:29:05.137