ID

VAR-201810-0565


CVE

CVE-2018-15373


TITLE

Cisco IOS and Cisco IOS XE software Resource management vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-010836

DESCRIPTION

A vulnerability in the implementation of Cisco Discovery Protocol functionality in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to exhaust memory on an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper memory handling by the affected software when the software processes high rates of Cisco Discovery Protocol packets that are sent to a device. An attacker could exploit this vulnerability by sending a high rate of Cisco Discovery Protocol packets to an affected device. A successful exploit could allow the attacker to exhaust memory on the affected device, resulting in a DoS condition. This issue is being tracked by Cisco Bug ID CSCvg54267

Trust: 2.52

sources: NVD: CVE-2018-15373 // JVNDB: JVNDB-2018-010836 // CNVD: CNVD-2018-20694 // BID: 105413 // VULHUB: VHN-125626

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-20694

AFFECTED PRODUCTS

vendor:ciscomodel:iosscope:eqversion:15.5\(3\)s3.16

Trust: 1.6

vendor:ciscomodel:ios xescope:eqversion:15.5\(3\)s3.16

Trust: 1.6

vendor:ciscomodel:iosscope: - version: -

Trust: 0.8

vendor:ciscomodel:ios xescope: - version: -

Trust: 0.8

vendor:ciscomodel:ios softwarescope: - version: -

Trust: 0.6

vendor:ciscomodel:ios xe softwarescope: - version: -

Trust: 0.6

vendor:rockwellmodel:automation allen-bradley stratix 15.2 e0ascope:eqversion:8000

Trust: 0.3

vendor:rockwellmodel:automation allen-bradley stratix 15.2 ea.fc4scope:eqversion:8000

Trust: 0.3

vendor:rockwellmodel:automation allen-bradley stratix 15.2 e0ascope:eqversion:5700

Trust: 0.3

vendor:rockwellmodel:automation allen-bradley stratix 15.2 ea.fc4scope:eqversion:5700

Trust: 0.3

vendor:rockwellmodel:automation allen-bradley stratix 15.2 e0ascope:eqversion:5410

Trust: 0.3

vendor:rockwellmodel:automation allen-bradley stratix 15.2 ea.fc4scope:eqversion:5410

Trust: 0.3

vendor:rockwellmodel:automation allen-bradley stratix 15.2 ea3scope:eqversion:5410

Trust: 0.3

vendor:rockwellmodel:automation allen-bradley stratix 15.2 ebscope:eqversion:5410

Trust: 0.3

vendor:rockwellmodel:automation allen-bradley stratix 15.2 e0ascope:eqversion:5400

Trust: 0.3

vendor:rockwellmodel:automation allen-bradley stratix 15.2 ea.fc4scope:eqversion:5400

Trust: 0.3

vendor:rockwellmodel:automation allen-bradley stratix 15.2 ea3scope:eqversion:5400

Trust: 0.3

vendor:rockwellmodel:automation allen-bradley stratix 15.2 ea2scope:eqversion:5400

Trust: 0.3

vendor:rockwellmodel:automation allen-bradley stratix 15.2 ea1scope:eqversion:5400

Trust: 0.3

vendor:rockwellmodel:automation allen-bradley armorstratix 15.2 e0ascope:eqversion:5700

Trust: 0.3

vendor:rockwellmodel:automation allen-bradley armorstratix 15.2 ea.fc4scope:eqversion:5700

Trust: 0.3

vendor:rockwallmodel:automation allen-bradley stratix 15.2 ea3scope:eqversion:8000

Trust: 0.3

vendor:rockwallmodel:automation allen-bradley armorstratix 15.2 ea3scope:eqversion:5700

Trust: 0.3

vendor:ciscomodel:ios xe softwarescope:eqversion:0

Trust: 0.3

vendor:ciscomodel:ios 15.5 s3.16scope: - version: -

Trust: 0.3

vendor:ciscomodel:iosscope:eqversion:0

Trust: 0.3

vendor:rockwellmodel:automation allen-bradley stratix 15.2 ea7scope:neversion:8300

Trust: 0.3

vendor:rockwellmodel:automation allen-bradley stratix 15.2 e2ascope:neversion:8000

Trust: 0.3

vendor:rockwellmodel:automation allen-bradley stratix 15.2 e2ascope:neversion:5700

Trust: 0.3

vendor:rockwellmodel:automation allen-bradley stratix 15.2 e2ascope:neversion:5410

Trust: 0.3

vendor:rockwellmodel:automation allen-bradley stratix 15.2 e2ascope:neversion:5400

Trust: 0.3

vendor:rockwellmodel:automation allen-bradley armorstratix 15.2 e2ascope:neversion:5700

Trust: 0.3

sources: CNVD: CNVD-2018-20694 // BID: 105413 // JVNDB: JVNDB-2018-010836 // CNNVD: CNNVD-201809-1268 // NVD: CVE-2018-15373

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-15373
value: HIGH

Trust: 1.0

NVD: CVE-2018-15373
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-20694
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201809-1268
value: HIGH

Trust: 0.6

VULHUB: VHN-125626
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-15373
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-20694
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-125626
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-15373
baseSeverity: HIGH
baseScore: 7.4
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 4.0
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-20694 // VULHUB: VHN-125626 // JVNDB: JVNDB-2018-010836 // CNNVD: CNNVD-201809-1268 // NVD: CVE-2018-15373

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.9

problemtype:CWE-770

Trust: 1.1

sources: VULHUB: VHN-125626 // JVNDB: JVNDB-2018-010836 // NVD: CVE-2018-15373

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201809-1268

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201809-1268

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-010836

PATCH

title:cisco-sa-20180926-cdp-dosurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-cdp-dos

Trust: 0.8

title:Patch for CiscoIOSandIOSXESoftware Denial of Service Vulnerability (CNVD-2018-20694)url:https://www.cnvd.org.cn/patchInfo/show/141869

Trust: 0.6

title:Cisco IOS Software and IOS XE Software Remediation of resource management error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=85277

Trust: 0.6

sources: CNVD: CNVD-2018-20694 // JVNDB: JVNDB-2018-010836 // CNNVD: CNNVD-201809-1268

EXTERNAL IDS

db:NVDid:CVE-2018-15373

Trust: 3.4

db:ICS CERTid:ICSA-19-094-03

Trust: 2.8

db:BIDid:105413

Trust: 2.6

db:JVNDBid:JVNDB-2018-010836

Trust: 0.8

db:CNVDid:CNVD-2018-20694

Trust: 0.6

db:ICS CERTid:ICSA-19-094-02

Trust: 0.6

db:AUSCERTid:ESB-2019.1153

Trust: 0.6

db:CNNVDid:CNNVD-201809-1268

Trust: 0.6

db:VULHUBid:VHN-125626

Trust: 0.1

sources: CNVD: CNVD-2018-20694 // VULHUB: VHN-125626 // BID: 105413 // JVNDB: JVNDB-2018-010836 // CNNVD: CNNVD-201809-1268 // NVD: CVE-2018-15373

REFERENCES

url:http://www.securityfocus.com/bid/105413

Trust: 2.9

url:https://ics-cert.us-cert.gov/advisories/icsa-19-094-03

Trust: 2.8

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180926-cdp-dos

Trust: 2.0

url:http://www.cisco.com/

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-15373

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-15373

Trust: 0.8

url:https://ics-cert.us-cert.gov/advisories/icsa-19-094-02

Trust: 0.6

url:https://www.auscert.org.au/bulletins/78478

Trust: 0.6

sources: CNVD: CNVD-2018-20694 // VULHUB: VHN-125626 // BID: 105413 // JVNDB: JVNDB-2018-010836 // CNNVD: CNNVD-201809-1268 // NVD: CVE-2018-15373

CREDITS

The vendor reported this issue.,Rockwell Automation reported these vulnerabilities to NCCIC.

Trust: 0.6

sources: CNNVD: CNNVD-201809-1268

SOURCES

db:CNVDid:CNVD-2018-20694
db:VULHUBid:VHN-125626
db:BIDid:105413
db:JVNDBid:JVNDB-2018-010836
db:CNNVDid:CNNVD-201809-1268
db:NVDid:CVE-2018-15373

LAST UPDATE DATE

2024-08-14T13:45:32.969000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2018-20694date:2018-10-12T00:00:00
db:VULHUBid:VHN-125626date:2019-10-03T00:00:00
db:BIDid:105413date:2019-04-05T07:00:00
db:JVNDBid:JVNDB-2018-010836date:2019-04-10T00:00:00
db:CNNVDid:CNNVD-201809-1268date:2019-10-08T00:00:00
db:NVDid:CVE-2018-15373date:2019-10-03T00:03:26.223

SOURCES RELEASE DATE

db:CNVDid:CNVD-2018-20694date:2018-10-11T00:00:00
db:VULHUBid:VHN-125626date:2018-10-05T00:00:00
db:BIDid:105413date:2018-09-26T00:00:00
db:JVNDBid:JVNDB-2018-010836date:2018-12-25T00:00:00
db:CNNVDid:CNNVD-201809-1268date:2018-09-28T00:00:00
db:NVDid:CVE-2018-15373date:2018-10-05T14:29:06.420