ID

VAR-201810-0346


CVE

CVE-2018-0475


TITLE

Cisco IOS Software and Cisco IOS XE Software input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-010837

DESCRIPTION

A vulnerability in the implementation of the cluster feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation when handling Cluster Management Protocol (CMP) messages. An attacker could exploit this vulnerability by sending a malicious CMP message to an affected device. A successful exploit could allow the attacker to cause the switch to crash and reload or to hang, resulting in a DoS condition. If the switch hangs it will not reboot automatically, and it will need to be power cycled manually to recover. ClusterManagementProtocol is one of the cluster management protocols. Attackers can exploit this issue to reboot the affected device, denying service to legitimate users This issue is being tracked by Cisco Bug ID CSCvg48576

Trust: 2.52

sources: NVD: CVE-2018-0475 // JVNDB: JVNDB-2018-010837 // CNVD: CNVD-2018-20297 // BID: 105404 // VULHUB: VHN-118677

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-20297

AFFECTED PRODUCTS

vendor:ciscomodel:ios xescope:eqversion:15.0\(2.0.0\)

Trust: 1.6

vendor:ciscomodel:iosscope:eqversion:15.0\(2.0.0\)

Trust: 1.6

vendor:ciscomodel:ios softwarescope:eqversion:0

Trust: 0.9

vendor:ciscomodel:ios xe softwarescope:eqversion:0

Trust: 0.9

vendor:ciscomodel:catalyst switchesscope:eqversion:0

Trust: 0.9

vendor:ciscomodel:iosscope: - version: -

Trust: 0.8

vendor:ciscomodel:ios xescope: - version: -

Trust: 0.8

sources: CNVD: CNVD-2018-20297 // BID: 105404 // JVNDB: JVNDB-2018-010837 // CNNVD: CNNVD-201809-1235 // NVD: CVE-2018-0475

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0475
value: HIGH

Trust: 1.0

NVD: CVE-2018-0475
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-20297
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201809-1235
value: HIGH

Trust: 0.6

VULHUB: VHN-118677
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-0475
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-20297
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-118677
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0475
baseSeverity: HIGH
baseScore: 7.4
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 4.0
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-20297 // VULHUB: VHN-118677 // JVNDB: JVNDB-2018-010837 // CNNVD: CNNVD-201809-1235 // NVD: CVE-2018-0475

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-118677 // JVNDB: JVNDB-2018-010837 // NVD: CVE-2018-0475

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201809-1235

TYPE

Input Validation Error

Trust: 0.9

sources: BID: 105404 // CNNVD: CNNVD-201809-1235

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-010837

PATCH

title:cisco-sa-20180926-iosxe-cmdinjurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-iosxe-cmdinj

Trust: 0.8

title:Patch for Cisco IOS Software and IOSXESoftware Denial of Service Vulnerability (CNVD-2018-20297)url:https://www.cnvd.org.cn/patchInfo/show/141489

Trust: 0.6

title:Cisco IOS Software and IOS XE Software Enter the fix for the verification vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=85251

Trust: 0.6

sources: CNVD: CNVD-2018-20297 // JVNDB: JVNDB-2018-010837 // CNNVD: CNNVD-201809-1235

EXTERNAL IDS

db:NVDid:CVE-2018-0475

Trust: 3.4

db:BIDid:105404

Trust: 2.6

db:SECTRACKid:1041737

Trust: 1.7

db:JVNDBid:JVNDB-2018-010837

Trust: 0.8

db:CNNVDid:CNNVD-201809-1235

Trust: 0.7

db:CNVDid:CNVD-2018-20297

Trust: 0.6

db:VULHUBid:VHN-118677

Trust: 0.1

sources: CNVD: CNVD-2018-20297 // VULHUB: VHN-118677 // BID: 105404 // JVNDB: JVNDB-2018-010837 // CNNVD: CNNVD-201809-1235 // NVD: CVE-2018-0475

REFERENCES

url:http://www.securityfocus.com/bid/105404

Trust: 2.3

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180926-cmp

Trust: 2.0

url:http://www.securitytracker.com/id/1041737

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0475

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-0475

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: CNVD: CNVD-2018-20297 // VULHUB: VHN-118677 // BID: 105404 // JVNDB: JVNDB-2018-010837 // CNNVD: CNNVD-201809-1235 // NVD: CVE-2018-0475

CREDITS

Dmitry Kuznetsov of Digital Security.

Trust: 0.9

sources: BID: 105404 // CNNVD: CNNVD-201809-1235

SOURCES

db:CNVDid:CNVD-2018-20297
db:VULHUBid:VHN-118677
db:BIDid:105404
db:JVNDBid:JVNDB-2018-010837
db:CNNVDid:CNNVD-201809-1235
db:NVDid:CVE-2018-0475

LAST UPDATE DATE

2024-08-14T13:45:32.618000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2018-20297date:2018-09-30T00:00:00
db:VULHUBid:VHN-118677date:2019-10-09T00:00:00
db:BIDid:105404date:2018-09-26T00:00:00
db:JVNDBid:JVNDB-2018-010837date:2018-12-25T00:00:00
db:CNNVDid:CNNVD-201809-1235date:2019-10-17T00:00:00
db:NVDid:CVE-2018-0475date:2019-10-09T23:32:10.007

SOURCES RELEASE DATE

db:CNVDid:CNVD-2018-20297date:2018-09-30T00:00:00
db:VULHUBid:VHN-118677date:2018-10-05T00:00:00
db:BIDid:105404date:2018-09-26T00:00:00
db:JVNDBid:JVNDB-2018-010837date:2018-12-25T00:00:00
db:CNNVDid:CNNVD-201809-1235date:2018-09-28T00:00:00
db:NVDid:CVE-2018-0475date:2018-10-05T14:29:05.247