Details of VAR-201810-0565

ID

VAR-201810-0565

CVE

CVE-2018-15373

TITLE

Cisco IOS and Cisco IOS XE software Resource management vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-010836

DESCRIPTION

A vulnerability in the implementation of Cisco Discovery Protocol functionality in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to exhaust memory on an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper memory handling by the affected software when the software processes high rates of Cisco Discovery Protocol packets that are sent to a device. An attacker could exploit this vulnerability by sending a high rate of Cisco Discovery Protocol packets to an affected device. A successful exploit could allow the attacker to exhaust memory on the affected device, resulting in a DoS condition. This issue is being tracked by Cisco Bug ID CSCvg54267

Trust: 2.52

sources: NVD: CVE-2018-15373 // JVNDB: JVNDB-2018-010836 // CNVD: CNVD-2018-20694 // BID: 105413 // VULHUB: VHN-125626

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2018-20694

AFFECTED PRODUCTS

vendor:	cisco	model:	ios	scope:	eq	version:	15.5\(3\)s3.16	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	15.5\(3\)s3.16	Trust: 1.6
vendor:	cisco	model:	ios	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	ios xe	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	ios software	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios xe software	scope:	-	version:	-	Trust: 0.6
vendor:	rockwell	model:	automation allen-bradley stratix 15.2 e0a	scope:	eq	version:	8000	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley stratix 15.2 ea.fc4	scope:	eq	version:	8000	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley stratix 15.2 e0a	scope:	eq	version:	5700	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley stratix 15.2 ea.fc4	scope:	eq	version:	5700	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley stratix 15.2 e0a	scope:	eq	version:	5410	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley stratix 15.2 ea.fc4	scope:	eq	version:	5410	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley stratix 15.2 ea3	scope:	eq	version:	5410	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley stratix 15.2 eb	scope:	eq	version:	5410	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley stratix 15.2 e0a	scope:	eq	version:	5400	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley stratix 15.2 ea.fc4	scope:	eq	version:	5400	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley stratix 15.2 ea3	scope:	eq	version:	5400	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley stratix 15.2 ea2	scope:	eq	version:	5400	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley stratix 15.2 ea1	scope:	eq	version:	5400	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley armorstratix 15.2 e0a	scope:	eq	version:	5700	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley armorstratix 15.2 ea.fc4	scope:	eq	version:	5700	Trust: 0.3
vendor:	rockwall	model:	automation allen-bradley stratix 15.2 ea3	scope:	eq	version:	8000	Trust: 0.3
vendor:	rockwall	model:	automation allen-bradley armorstratix 15.2 ea3	scope:	eq	version:	5700	Trust: 0.3
vendor:	cisco	model:	ios xe software	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	ios 15.5 s3.16	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios	scope:	eq	version:	0	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley stratix 15.2 ea7	scope:	ne	version:	8300	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley stratix 15.2 e2a	scope:	ne	version:	8000	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley stratix 15.2 e2a	scope:	ne	version:	5700	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley stratix 15.2 e2a	scope:	ne	version:	5410	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley stratix 15.2 e2a	scope:	ne	version:	5400	Trust: 0.3
vendor:	rockwell	model:	automation allen-bradley armorstratix 15.2 e2a	scope:	ne	version:	5700	Trust: 0.3

sources: CNVD: CNVD-2018-20694 // BID: 105413 // JVNDB: JVNDB-2018-010836 // CNNVD: CNNVD-201809-1268 // NVD: CVE-2018-15373

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-15373
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-15373
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2018-20694
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201809-1268
value:	HIGH
Trust: 0.6
VULHUB:	VHN-125626
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-15373
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2018-20694
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-125626
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-15373
baseSeverity:	HIGH
baseScore:	7.4
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	4.0
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2018-20694 // VULHUB: VHN-125626 // JVNDB: JVNDB-2018-010836 // CNNVD: CNNVD-201809-1268 // NVD: CVE-2018-15373

PROBLEMTYPE DATA

problemtype:	CWE-399	Trust: 1.9
problemtype:	CWE-770	Trust: 1.1

sources: VULHUB: VHN-125626 // JVNDB: JVNDB-2018-010836 // NVD: CVE-2018-15373

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201809-1268

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201809-1268

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-010836

PATCH

title:	cisco-sa-20180926-cdp-dos	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-cdp-dos	Trust: 0.8
title:	Patch for CiscoIOSandIOSXESoftware Denial of Service Vulnerability (CNVD-2018-20694)	url:	https://www.cnvd.org.cn/patchInfo/show/141869	Trust: 0.6
title:	Cisco IOS Software and IOS XE Software Remediation of resource management error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=85277	Trust: 0.6

sources: CNVD: CNVD-2018-20694 // JVNDB: JVNDB-2018-010836 // CNNVD: CNNVD-201809-1268

EXTERNAL IDS

db:	NVD	id:	CVE-2018-15373	Trust: 3.4
db:	ICS CERT	id:	ICSA-19-094-03	Trust: 2.8
db:	BID	id:	105413	Trust: 2.6
db:	JVNDB	id:	JVNDB-2018-010836	Trust: 0.8
db:	CNVD	id:	CNVD-2018-20694	Trust: 0.6
db:	ICS CERT	id:	ICSA-19-094-02	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.1153	Trust: 0.6
db:	CNNVD	id:	CNNVD-201809-1268	Trust: 0.6
db:	VULHUB	id:	VHN-125626	Trust: 0.1

sources: CNVD: CNVD-2018-20694 // VULHUB: VHN-125626 // BID: 105413 // JVNDB: JVNDB-2018-010836 // CNNVD: CNNVD-201809-1268 // NVD: CVE-2018-15373

REFERENCES

url:	http://www.securityfocus.com/bid/105413	Trust: 2.9
url:	https://ics-cert.us-cert.gov/advisories/icsa-19-094-03	Trust: 2.8
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180926-cdp-dos	Trust: 2.0
url:	http://www.cisco.com/	Trust: 0.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-15373	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-15373	Trust: 0.8
url:	https://ics-cert.us-cert.gov/advisories/icsa-19-094-02	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/78478	Trust: 0.6

sources: CNVD: CNVD-2018-20694 // VULHUB: VHN-125626 // BID: 105413 // JVNDB: JVNDB-2018-010836 // CNNVD: CNNVD-201809-1268 // NVD: CVE-2018-15373

CREDITS

The vendor reported this issue.,Rockwell Automation reported these vulnerabilities to NCCIC.

Trust: 0.6

sources: CNNVD: CNNVD-201809-1268

SOURCES

db:	CNVD	id:	CNVD-2018-20694
db:	VULHUB	id:	VHN-125626
db:	BID	id:	105413
db:	JVNDB	id:	JVNDB-2018-010836
db:	CNNVD	id:	CNNVD-201809-1268
db:	NVD	id:	CVE-2018-15373

LAST UPDATE DATE

2024-08-14T13:45:32.969000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-20694	date:	2018-10-12T00:00:00
db:	VULHUB	id:	VHN-125626	date:	2019-10-03T00:00:00
db:	BID	id:	105413	date:	2019-04-05T07:00:00
db:	JVNDB	id:	JVNDB-2018-010836	date:	2019-04-10T00:00:00
db:	CNNVD	id:	CNNVD-201809-1268	date:	2019-10-08T00:00:00
db:	NVD	id:	CVE-2018-15373	date:	2019-10-03T00:03:26.223

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2018-20694	date:	2018-10-11T00:00:00
db:	VULHUB	id:	VHN-125626	date:	2018-10-05T00:00:00
db:	BID	id:	105413	date:	2018-09-26T00:00:00
db:	JVNDB	id:	JVNDB-2018-010836	date:	2018-12-25T00:00:00
db:	CNNVD	id:	CNNVD-201809-1268	date:	2018-09-28T00:00:00
db:	NVD	id:	CVE-2018-15373	date:	2018-10-05T14:29:06.420