Sign-up

ID

VAR-201810-0346


CVE

CVE-2018-0475


TITLE

Cisco IOS Software and Cisco IOS XE Software input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-010837

DESCRIPTION

A vulnerability in the implementation of the cluster feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation when handling Cluster Management Protocol (CMP) messages. An attacker could exploit this vulnerability by sending a malicious CMP message to an affected device. A successful exploit could allow the attacker to cause the switch to crash and reload or to hang, resulting in a DoS condition. If the switch hangs it will not reboot automatically, and it will need to be power cycled manually to recover. ClusterManagementProtocol is one of the cluster management protocols. Attackers can exploit this issue to reboot the affected device, denying service to legitimate users This issue is being tracked by Cisco Bug ID CSCvg48576

Trust: 2.52

sources: NVD: CVE-2018-0475 // JVNDB: JVNDB-2018-010837 // CNVD: CNVD-2018-20297 // BID: 105404 // VULHUB: VHN-118677

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-20297

AFFECTED PRODUCTS

vendor:ciscomodel:ios xescope:eqversion:15.0\(2.0.0\)

Trust: 1.6

vendor:ciscomodel:iosscope:eqversion:15.0\(2.0.0\)

Trust: 1.6

vendor:ciscomodel:ios softwarescope:eqversion:0

Trust: 0.9

vendor:ciscomodel:ios xe softwarescope:eqversion:0

Trust: 0.9

vendor:ciscomodel:catalyst switchesscope:eqversion:0

Trust: 0.9

vendor:ciscomodel:iosscope: - version: -

Trust: 0.8

vendor:ciscomodel:ios xescope: - version: -

Trust: 0.8

sources: CNVD: CNVD-2018-20297 // BID: 105404 // JVNDB: JVNDB-2018-010837 // CNNVD: CNNVD-201809-1235 // NVD: CVE-2018-0475

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0475
value: HIGH

Trust: 1.0

NVD: CVE-2018-0475
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-20297
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201809-1235
value: HIGH

Trust: 0.6

VULHUB: VHN-118677
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-0475
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-20297
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-118677
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0475
baseSeverity: HIGH
baseScore: 7.4
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 4.0
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-20297 // VULHUB: VHN-118677 // JVNDB: JVNDB-2018-010837 // CNNVD: CNNVD-201809-1235 // NVD: CVE-2018-0475

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-118677 // JVNDB: JVNDB-2018-010837 // NVD: CVE-2018-0475

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201809-1235

TYPE

Input Validation Error

Trust: 0.9

sources: BID: 105404 // CNNVD: CNNVD-201809-1235

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-010837

PATCH
title:cisco-sa-20180926-iosxe-cmdinjurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-iosxe-cmdinj
Trust: 0.8
title:Patch for Cisco IOS Software and IOSXESoftware Denial of Service Vulnerability (CNVD-2018-20297)url:https://www.cnvd.org.cn/patchInfo/show/141489
Trust: 0.6
title:Cisco IOS Software  and IOS XE Software Enter the fix for the verification vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=85251
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-20297 // 
            
            
            
            JVNDB: JVNDB-2018-010837 // 
            
            
            
            CNNVD: CNNVD-201809-1235

EXTERNAL IDS
db:NVDid:CVE-2018-0475
Trust: 3.4
db:BIDid:105404
Trust: 2.6
db:SECTRACKid:1041737
Trust: 1.7
db:JVNDBid:JVNDB-2018-010837
Trust: 0.8
db:CNNVDid:CNNVD-201809-1235
Trust: 0.7
db:CNVDid:CNVD-2018-20297
Trust: 0.6
db:VULHUBid:VHN-118677
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-20297 // 
            
            
            
            VULHUB: VHN-118677 // 
            
            
            
            BID: 105404 // 
            
            
            
            JVNDB: JVNDB-2018-010837 // 
            
            
            
            CNNVD: CNNVD-201809-1235 // 
            
            
            
            NVD: CVE-2018-0475

REFERENCES
url:http://www.securityfocus.com/bid/105404
Trust: 2.3
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180926-cmp
Trust: 2.0
url:http://www.securitytracker.com/id/1041737
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0475
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0475
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2018-20297 // 
            
            
            
            VULHUB: VHN-118677 // 
            
            
            
            BID: 105404 // 
            
            
            
            JVNDB: JVNDB-2018-010837 // 
            
            
            
            CNNVD: CNNVD-201809-1235 // 
            
            
            
            NVD: CVE-2018-0475

CREDITS
Dmitry Kuznetsov of Digital Security.
Trust: 0.9
sources:
            
            
            BID: 105404 // 
            
            
            
            CNNVD: CNNVD-201809-1235

SOURCES
db:CNVDid:CNVD-2018-20297
db:VULHUBid:VHN-118677
db:BIDid:105404
db:JVNDBid:JVNDB-2018-010837
db:CNNVDid:CNNVD-201809-1235
db:NVDid:CVE-2018-0475

LAST UPDATE DATE
2024-08-14T13:45:32.618000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-20297date:2018-09-30T00:00:00
db:VULHUBid:VHN-118677date:2019-10-09T00:00:00
db:BIDid:105404date:2018-09-26T00:00:00
db:JVNDBid:JVNDB-2018-010837date:2018-12-25T00:00:00
db:CNNVDid:CNNVD-201809-1235date:2019-10-17T00:00:00
db:NVDid:CVE-2018-0475date:2019-10-09T23:32:10.007

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-20297date:2018-09-30T00:00:00
db:VULHUBid:VHN-118677date:2018-10-05T00:00:00
db:BIDid:105404date:2018-09-26T00:00:00
db:JVNDBid:JVNDB-2018-010837date:2018-12-25T00:00:00
db:CNNVDid:CNNVD-201809-1235date:2018-09-28T00:00:00
db:NVDid:CVE-2018-0475date:2018-10-05T14:29:05.247