Lucene search

[email protected]CVE-2018-0155

HistoryMar 28, 2018 - 10:29 p.m.

CVE-2018-0155

2018-03-2822:29:00

CWE-388

CWE-755

[email protected]

web.nvd.nist.gov

837

In Wild

cisco

switches

vulnerability

dos

bfd

cisco catalyst

cve-2018-0155

nvd

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

8.2 High

AI Score

Confidence

High

7.8 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.004 Low

EPSS

Percentile

74.8%

JSON

A vulnerability in the Bidirectional Forwarding Detection (BFD) offload implementation of Cisco Catalyst 4500 Series Switches and Cisco Catalyst 4500-X Series Switches could allow an unauthenticated, remote attacker to cause a crash of the iosd process, causing a denial of service (DoS) condition. The vulnerability is due to insufficient error handling when the BFD header in a BFD packet is incomplete. An attacker could exploit this vulnerability by sending a crafted BFD message to or across an affected switch. A successful exploit could allow the attacker to trigger a reload of the system. This vulnerability affects Catalyst 4500 Supervisor Engine 6-E (K5), Catalyst 4500 Supervisor Engine 6L-E (K10), Catalyst 4500 Supervisor Engine 7-E (K10), Catalyst 4500 Supervisor Engine 7L-E (K10), Catalyst 4500E Supervisor Engine 8-E (K10), Catalyst 4500E Supervisor Engine 8L-E (K10), Catalyst 4500E Supervisor Engine 9-E (K10), Catalyst 4500-X Series Switches (K10), Catalyst 4900M Switch (K5), Catalyst 4948E Ethernet Switch (K5). Cisco Bug IDs: CSCvc40729.

Affected configurations

NVD

Node

ciscoiosMatch3.6\(2\)e

ciscoios_xeMatch3.6\(2\)e

AND

ciscocatalyst_4500-x_series_switches_\(k10\)Match-

ciscocatalyst_4500_supervisor_engine_6-e_\(k5\)Match-

ciscocatalyst_4500_supervisor_engine_6l-e_\(k10\)Match-

ciscocatalyst_4500_supervisor_engine_7-e_\(k10\)Match-

ciscocatalyst_4500_supervisor_engine_7l-e_\(k10\)Match-

ciscocatalyst_4500e_supervisor_engine_8-e_\(k10\)Match-

ciscocatalyst_4500e_supervisor_engine_8l-e_\(k10\)Match-

ciscocatalyst_4500e_supervisor_engine_9-e_\(k10\)Match-

ciscocatalyst_4900m_switch_\(k5\)Match-

ciscocatalyst_4948e_ethernet_switch_\(k5\)Match-

Node

ciscoiosMatch3.6\(2\)e

ciscoios_xeMatch3.6\(2\)e

AND

rockwellautomationallen-bradley_stratix_8300_industrial_managed_ethernet_switchMatch-

CPENameOperatorVersion
cisco:ioscisco ioseq3.6\(2\)e
cisco:ios_xecisco ios xeeq3.6\(2\)e

CPE	Name	Operator	Version
cisco:ios	cisco ios	eq	3.6\(2\)e
cisco:ios_xe	cisco ios xe	eq	3.6\(2\)e

CNA Affected

[
  {
    "product": "Cisco IOS and IOS XE",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Cisco IOS and IOS XE"
      }
    ]
  }
]