Details of VAR-201810-0579

ID

VAR-201810-0579

CVE

CVE-2018-15392

TITLE

Cisco Industrial Network Director DHCP Service denial of service vulnerability

Trust: 0.8

sources: IVD: e2fdde70-39ab-11e9-adea-000c29342cb1 // CNVD: CNVD-2018-21224

DESCRIPTION

A vulnerability in the DHCP service of Cisco Industrial Network Director could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper handling of DHCP lease requests. An attacker could exploit this vulnerability by sending malicious DHCP lease requests to an affected application. A successful exploit could allow the attacker to cause the DHCP service to terminate, resulting in a DoS condition. CiscoIndustrialNetworkDirector is a platform that helps IT and operations teams collaborate to fully understand the network and automation devices. This issue is being tracked by Cisco Bug IDs CSCvi90140. The system realizes automatic management through visual operation of industrial Ethernet infrastructure

Trust: 2.7

sources: NVD: CVE-2018-15392 // JVNDB: JVNDB-2018-013486 // CNVD: CNVD-2018-21224 // BID: 105961 // IVD: e2fdde70-39ab-11e9-adea-000c29342cb1 // VULHUB: VHN-125647

IOT TAXONOMY

category:	['ICS', 'Network device']	sub_category:	-	Trust: 0.6
category:	['ICS']	sub_category:	-	Trust: 0.2

sources: IVD: e2fdde70-39ab-11e9-adea-000c29342cb1 // CNVD: CNVD-2018-21224

AFFECTED PRODUCTS

vendor:	cisco	model:	industrial network director	scope:	lte	version:	1.5\(0.3\)	Trust: 1.0
vendor:	cisco	model:	industrial network director	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	industrial network director none	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	industrial network director	scope:	eq	version:	1.5\(0.3\)	Trust: 0.6
vendor:	cisco	model:	industrial network director	scope:	eq	version:	1.4	Trust: 0.3
vendor:	cisco	model:	industrial network director	scope:	ne	version:	1.5	Trust: 0.3
vendor:	industrial network director	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: e2fdde70-39ab-11e9-adea-000c29342cb1 // CNVD: CNVD-2018-21224 // BID: 105961 // JVNDB: JVNDB-2018-013486 // CNNVD: CNNVD-201810-187 // NVD: CVE-2018-15392

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-15392
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-15392
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2018-21224
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-201810-187
value:	MEDIUM
Trust: 0.6
IVD:	e2fdde70-39ab-11e9-adea-000c29342cb1
value:	MEDIUM
Trust: 0.2
VULHUB:	VHN-125647
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2018-15392
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2018-21224
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	e2fdde70-39ab-11e9-adea-000c29342cb1
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-125647
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-15392
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	2.8
impactScore:	1.4
version:	3.0
Trust: 1.8

sources: IVD: e2fdde70-39ab-11e9-adea-000c29342cb1 // CNVD: CNVD-2018-21224 // VULHUB: VHN-125647 // JVNDB: JVNDB-2018-013486 // CNNVD: CNNVD-201810-187 // NVD: CVE-2018-15392

PROBLEMTYPE DATA

problemtype:	CWE-399	Trust: 1.8
problemtype:	NVD-CWE-noinfo	Trust: 1.0

sources: JVNDB: JVNDB-2018-013486 // NVD: CVE-2018-15392

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201810-187

TYPE

Resource management error

Trust: 0.8

sources: IVD: e2fdde70-39ab-11e9-adea-000c29342cb1 // CNNVD: CNNVD-201810-187

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-013486

PATCH

title:	cisco-sa-20181003-ind-dos	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-ind-dos	Trust: 0.8
title:	Patch for CiscoIndustrialNetworkDirectorDHCP Service Denial of Service Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/142751	Trust: 0.6
title:	Cisco Industrial Network Director Remediation of resource management error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=85401	Trust: 0.6

sources: CNVD: CNVD-2018-21224 // JVNDB: JVNDB-2018-013486 // CNNVD: CNNVD-201810-187

EXTERNAL IDS

db:	NVD	id:	CVE-2018-15392	Trust: 3.6
db:	CNNVD	id:	CNNVD-201810-187	Trust: 0.9
db:	CNVD	id:	CNVD-2018-21224	Trust: 0.8
db:	JVNDB	id:	JVNDB-2018-013486	Trust: 0.8
db:	BID	id:	105961	Trust: 0.3
db:	IVD	id:	E2FDDE70-39AB-11E9-ADEA-000C29342CB1	Trust: 0.2
db:	VULHUB	id:	VHN-125647	Trust: 0.1

sources: IVD: e2fdde70-39ab-11e9-adea-000c29342cb1 // CNVD: CNVD-2018-21224 // VULHUB: VHN-125647 // BID: 105961 // JVNDB: JVNDB-2018-013486 // CNNVD: CNNVD-201810-187 // NVD: CVE-2018-15392

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20181003-ind-dos	Trust: 2.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-15392	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-15392	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: CNVD: CNVD-2018-21224 // VULHUB: VHN-125647 // BID: 105961 // JVNDB: JVNDB-2018-013486 // CNNVD: CNNVD-201810-187 // NVD: CVE-2018-15392

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 105961

SOURCES

db:	IVD	id:	e2fdde70-39ab-11e9-adea-000c29342cb1
db:	CNVD	id:	CNVD-2018-21224
db:	VULHUB	id:	VHN-125647
db:	BID	id:	105961
db:	JVNDB	id:	JVNDB-2018-013486
db:	CNNVD	id:	CNNVD-201810-187
db:	NVD	id:	CVE-2018-15392

LAST UPDATE DATE

2024-11-23T23:02:00.416000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-21224	date:	2018-10-18T00:00:00
db:	VULHUB	id:	VHN-125647	date:	2019-10-09T00:00:00
db:	BID	id:	105961	date:	2018-10-03T00:00:00
db:	JVNDB	id:	JVNDB-2018-013486	date:	2019-02-21T00:00:00
db:	CNNVD	id:	CNNVD-201810-187	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2018-15392	date:	2024-11-21T03:50:41.367

SOURCES RELEASE DATE

db:	IVD	id:	e2fdde70-39ab-11e9-adea-000c29342cb1	date:	2018-10-18T00:00:00
db:	CNVD	id:	CNVD-2018-21224	date:	2018-10-18T00:00:00
db:	VULHUB	id:	VHN-125647	date:	2018-10-05T00:00:00
db:	BID	id:	105961	date:	2018-10-03T00:00:00
db:	JVNDB	id:	JVNDB-2018-013486	date:	2019-02-21T00:00:00
db:	CNNVD	id:	CNNVD-201810-187	date:	2018-10-08T00:00:00
db:	NVD	id:	CVE-2018-15392	date:	2018-10-05T14:29:07.903