Details of VAR-201901-0710

ID

VAR-201901-0710

CVE

CVE-2018-0282

TITLE

Cisco IOS and Cisco IOS XE Software state vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-001620

DESCRIPTION

A vulnerability in the TCP socket code of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a state condition between the socket state and the transmission control block (TCB) state. While this vulnerability potentially affects all TCP applications, the only affected application observed so far is the HTTP server. An attacker could exploit this vulnerability by sending specific HTTP requests at a sustained rate to a reachable IP address of the affected software. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition on an affected device. Cisco IOS and Cisco IOS XE The software contains a state vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. This issue is being tracked by Cisco Bug ID CSCvg39082

Trust: 1.98

sources: NVD: CVE-2018-0282 // JVNDB: JVNDB-2019-001620 // BID: 106510 // VULHUB: VHN-118484

AFFECTED PRODUCTS

vendor:	cisco	model:	ios	scope:	eq	version:	15.2\(2\)e4	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	ios	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	ios xe	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	ios xe software	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	ios	scope:	eq	version:	0	Trust: 0.3

sources: BID: 106510 // JVNDB: JVNDB-2019-001620 // NVD: CVE-2018-0282

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-0282
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2018-0282
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-0282
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201901-255
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-118484
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2018-0282
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-118484
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

ykramarz@cisco.com:	CVE-2018-0282
baseSeverity:	MEDIUM
baseScore:	6.8
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.2
impactScore:	4.0
version:	3.0
Trust: 1.8
nvd@nist.gov:	CVE-2018-0282
baseSeverity:	MEDIUM
baseScore:	6.8
vectorString:	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.2
impactScore:	4.0
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-118484 // JVNDB: JVNDB-2019-001620 // CNNVD: CNNVD-201901-255 // NVD: CVE-2018-0282 // NVD: CVE-2018-0282

PROBLEMTYPE DATA

problemtype:	CWE-371	Trust: 1.9
problemtype:	NVD-CWE-noinfo	Trust: 1.0

sources: VULHUB: VHN-118484 // JVNDB: JVNDB-2019-001620 // NVD: CVE-2018-0282

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201901-255

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201901-255

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-001620

PATCH

title:	cisco-sa-20190109-tcp	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-tcp	Trust: 0.8
title:	Cisco IOS and IOS XE Software Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88439	Trust: 0.6

sources: JVNDB: JVNDB-2019-001620 // CNNVD: CNNVD-201901-255

EXTERNAL IDS

db:	NVD	id:	CVE-2018-0282	Trust: 2.8
db:	BID	id:	106510	Trust: 2.0
db:	JVNDB	id:	JVNDB-2019-001620	Trust: 0.8
db:	CNNVD	id:	CNNVD-201901-255	Trust: 0.7
db:	VULHUB	id:	VHN-118484	Trust: 0.1

sources: VULHUB: VHN-118484 // BID: 106510 // JVNDB: JVNDB-2019-001620 // CNNVD: CNNVD-201901-255 // NVD: CVE-2018-0282

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190109-tcp	Trust: 2.0
url:	http://www.securityfocus.com/bid/106510	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0282	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-0282	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-118484 // BID: 106510 // JVNDB: JVNDB-2019-001620 // CNNVD: CNNVD-201901-255 // NVD: CVE-2018-0282

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 106510

SOURCES

db:	VULHUB	id:	VHN-118484
db:	BID	id:	106510
db:	JVNDB	id:	JVNDB-2019-001620
db:	CNNVD	id:	CNNVD-201901-255
db:	NVD	id:	CVE-2018-0282

LAST UPDATE DATE

2024-08-14T14:39:05.326000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-118484	date:	2020-08-28T00:00:00
db:	BID	id:	106510	date:	2019-01-09T00:00:00
db:	JVNDB	id:	JVNDB-2019-001620	date:	2019-03-18T00:00:00
db:	CNNVD	id:	CNNVD-201901-255	date:	2020-10-23T00:00:00
db:	NVD	id:	CVE-2018-0282	date:	2020-08-28T18:14:50.370

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-118484	date:	2019-01-10T00:00:00
db:	BID	id:	106510	date:	2019-01-09T00:00:00
db:	JVNDB	id:	JVNDB-2019-001620	date:	2019-03-18T00:00:00
db:	CNNVD	id:	CNNVD-201901-255	date:	2019-01-10T00:00:00
db:	NVD	id:	CVE-2018-0282	date:	2019-01-10T00:29:00.297