Sign-up

ID

VAR-201810-0578


CVE

CVE-2018-15391


TITLE

Cisco Remote PHY Software Resource management vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-013260

DESCRIPTION

A vulnerability in certain IPv4 fragment-processing functions of Cisco Remote PHY Software could allow an unauthenticated, remote attacker to impact traffic passing through a device, potentially causing a denial of service (DoS) condition. The vulnerability is due to the affected software not validating and calculating certain numerical values in IPv4 packets that are sent to an affected device. An attacker could exploit this vulnerability by sending malformed IPv4 traffic to an affected device. A successful exploit could allow the attacker to disrupt the flow of certain IPv4 traffic passing through an affected device, which could result in a DoS condition. Cisco Remote PHY Software Contains a resource management vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. An attacker can exploit this issue to cause denial-of-service condition. This issue is being tracked by Cisco Bug ID CSCvg58415. This solution uses Ethernet PON (EPON) and metropolitan area network as the transmission network

Trust: 1.98

sources: NVD: CVE-2018-15391 // JVNDB: JVNDB-2018-013260 // BID: 105947 // VULHUB: VHN-125646

AFFECTED PRODUCTS

vendor:ciscomodel:remotescope:eqversion:phy

Trust: 1.6

vendor:ciscomodel:remote physcope: - version: -

Trust: 0.8

vendor:ciscomodel:remote phy softwarescope:eqversion:0

Trust: 0.3

sources: BID: 105947 // JVNDB: JVNDB-2018-013260 // CNNVD: CNNVD-201810-186 // NVD: CVE-2018-15391

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-15391
value: HIGH

Trust: 1.0

NVD: CVE-2018-15391
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201810-186
value: HIGH

Trust: 0.6

VULHUB: VHN-125646
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-15391
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-125646
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-15391
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-125646 // JVNDB: JVNDB-2018-013260 // CNNVD: CNNVD-201810-186 // NVD: CVE-2018-15391

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.8

problemtype:CWE-682

Trust: 1.1

sources: VULHUB: VHN-125646 // JVNDB: JVNDB-2018-013260 // NVD: CVE-2018-15391

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201810-186

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201810-186

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-013260

PATCH
title:cisco-sa-20181003-phy-ipv4-dosurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-phy-ipv4-dos
Trust: 0.8
title:Cisco Remote PHY Software Remediation of resource management error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=85400
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-013260 // 
            
            
            
            CNNVD: CNNVD-201810-186

EXTERNAL IDS
db:NVDid:CVE-2018-15391
Trust: 2.8
db:JVNDBid:JVNDB-2018-013260
Trust: 0.8
db:CNNVDid:CNNVD-201810-186
Trust: 0.7
db:BIDid:105947
Trust: 0.3
db:VULHUBid:VHN-125646
Trust: 0.1
sources:
            
            
            VULHUB: VHN-125646 // 
            
            
            
            BID: 105947 // 
            
            
            
            JVNDB: JVNDB-2018-013260 // 
            
            
            
            CNNVD: CNNVD-201810-186 // 
            
            
            
            NVD: CVE-2018-15391

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20181003-phy-ipv4-dos
Trust: 2.0
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-15391
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-15391
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-125646 // 
            
            
            
            BID: 105947 // 
            
            
            
            JVNDB: JVNDB-2018-013260 // 
            
            
            
            CNNVD: CNNVD-201810-186 // 
            
            
            
            NVD: CVE-2018-15391

CREDITS
Cisco.
Trust: 0.3
sources:
            
            
            BID: 105947

SOURCES
db:VULHUBid:VHN-125646
db:BIDid:105947
db:JVNDBid:JVNDB-2018-013260
db:CNNVDid:CNNVD-201810-186
db:NVDid:CVE-2018-15391

LAST UPDATE DATE
2024-11-23T22:41:40.201000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-125646date:2019-10-09T00:00:00
db:BIDid:105947date:2018-10-03T00:00:00
db:JVNDBid:JVNDB-2018-013260date:2019-02-18T00:00:00
db:CNNVDid:CNNVD-201810-186date:2019-10-17T00:00:00
db:NVDid:CVE-2018-15391date:2024-11-21T03:50:41.243

SOURCES RELEASE DATE
db:VULHUBid:VHN-125646date:2018-10-05T00:00:00
db:BIDid:105947date:2018-10-03T00:00:00
db:JVNDBid:JVNDB-2018-013260date:2019-02-18T00:00:00
db:CNNVDid:CNNVD-201810-186date:2018-10-08T00:00:00
db:NVDid:CVE-2018-15391date:2018-10-05T14:29:07.793