ID

VAR-201901-0710


CVE

CVE-2018-0282


TITLE

Cisco IOS and Cisco IOS XE Software state vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-001620

DESCRIPTION

A vulnerability in the TCP socket code of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a state condition between the socket state and the transmission control block (TCB) state. While this vulnerability potentially affects all TCP applications, the only affected application observed so far is the HTTP server. An attacker could exploit this vulnerability by sending specific HTTP requests at a sustained rate to a reachable IP address of the affected software. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition on an affected device. Cisco IOS and Cisco IOS XE Software contain a state vulnerability. The device may be put into a denial-of-service (DoS) state. This issue is being tracked by Cisco Bug ID CSCvg39082.

Trust: 1.98

sources: NVD: CVE-2018-0282 // JVNDB: JVNDB-2019-001620 // BID: 106510 // VULHUB: VHN-118484

AFFECTED PRODUCTS

vendor: cisco, model: ios, scope: eq, version: 15.2(2)e4

Trust: 1.0

vendor: cisco, model: ios xe, scope: eq, version: -

Trust: 1.0

vendor: cisco, model: ios, scope: -, version: -

Trust: 0.8

vendor: cisco, model: ios xe, scope: -, version: -

Trust: 0.8

vendor: cisco, model: ios xe software, scope: eq, version: 0

Trust: 0.3

vendor: cisco, model: ios, scope: eq, version: 0

Trust: 0.3

sources: BID: 106510 // JVNDB: JVNDB-2019-001620 // NVD: CVE-2018-0282

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0282
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2018-0282
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-0282
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201901-255
value: MEDIUM

Trust: 0.6

VULHUB: VHN-118484
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-0282
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-118484
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

ykramarz@cisco.com: CVE-2018-0282
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 4.0
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2018-0282
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 4.0
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-118484 // JVNDB: JVNDB-2019-001620 // CNNVD: CNNVD-201901-255 // NVD: CVE-2018-0282 // NVD: CVE-2018-0282

PROBLEMTYPE DATA

problemtype:CWE-371

Trust: 1.9

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: VULHUB: VHN-118484 // JVNDB: JVNDB-2019-001620 // NVD: CVE-2018-0282

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201901-255

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201901-255

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-001620

PATCH

title: cisco-sa-20190109-tcp, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-tcp

Trust: 0.8

title: Cisco IOS and IOS XE Software Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88439

Trust: 0.6

sources: JVNDB: JVNDB-2019-001620 // CNNVD: CNNVD-201901-255

EXTERNAL IDS

db: NVD, id: CVE-2018-0282

Trust: 2.8

db: BID, id: 106510

Trust: 2.0

db: JVNDB, id: JVNDB-2019-001620

Trust: 0.8

db: CNNVD, id: CNNVD-201901-255

Trust: 0.7

db: VULHUB, id: VHN-118484

Trust: 0.1

sources: VULHUB: VHN-118484 // BID: 106510 // JVNDB: JVNDB-2019-001620 // CNNVD: CNNVD-201901-255 // NVD: CVE-2018-0282

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190109-tcp

Trust: 2.0

url:http://www.securityfocus.com/bid/106510

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0282

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-0282

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-118484 // BID: 106510 // JVNDB: JVNDB-2019-001620 // CNNVD: CNNVD-201901-255 // NVD: CVE-2018-0282

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 106510

SOURCES

db: VULHUB, id: VHN-118484
db: BID, id: 106510
db: JVNDB, id: JVNDB-2019-001620
db: CNNVD, id: CNNVD-201901-255
db: NVD, id: CVE-2018-0282

LAST UPDATE DATE

2024-08-14T14:39:05.326000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-118484, date: 2020-08-28T00:00:00
db: BID, id: 106510, date: 2019-01-09T00:00:00
db: JVNDB, id: JVNDB-2019-001620, date: 2019-03-18T00:00:00
db: CNNVD, id: CNNVD-201901-255, date: 2020-10-23T00:00:00
db: NVD, id: CVE-2018-0282, date: 2020-08-28T18:14:50.370

SOURCES RELEASE DATE

db: VULHUB, id: VHN-118484, date: 2019-01-10T00:00:00
db: BID, id: 106510, date: 2019-01-09T00:00:00
db: JVNDB, id: JVNDB-2019-001620, date: 2019-03-18T00:00:00
db: CNNVD, id: CNNVD-201901-255, date: 2019-01-10T00:00:00
db: NVD, id: CVE-2018-0282, date: 2019-01-10T00:29:00.297