Lucene search

[email protected]CVE-2018-0252

HistoryMay 02, 2018 - 10:29 p.m.

CVE-2018-0252

2018-05-0222:29:00

CWE-119

CWE-399

[email protected]

web.nvd.nist.gov

cve-2018-0252

cisco

wireless lan controller

dos

vulnerability

ipv4

fragmentation

nvd

security advisory

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

7.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

48.3%

JSON

A vulnerability in the IP Version 4 (IPv4) fragment reassembly function of Cisco 3500, 5500, and 8500 Series Wireless LAN Controller Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to a corruption of an internal data structure process that occurs when the affected software reassembles certain IPv4 packets. An attacker could exploit this vulnerability by sending certain malformed IPv4 fragments to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. This vulnerability affects all releases of 8.4 until the first fixed release for the 5500 and 8500 Series Wireless LAN Controllers and releases 8.5.103.0 and 8.5.105.0 for the 3500, 5500, and 8500 Series Wireless LAN Controllers. Cisco Bug IDs: CSCvf89222.

Affected configurations

NVD

Node

ciscowireless_lan_controller_softwareMatch8.4\(100.0\)

ciscowireless_lan_controller_softwareMatch8.5\(107.30\)

ciscowireless_lan_controller_softwareMatch8.5\(107.41\)

ciscowireless_lan_controller_softwareMatch8.6\(1.108\)

CPENameOperatorVersion
cisco:wireless_lan_controller_softwarecisco wireless lan controller softwareeq8.4\(100.0\)
cisco:wireless_lan_controller_softwarecisco wireless lan controller softwareeq8.5\(107.30\)
cisco:wireless_lan_controller_softwarecisco wireless lan controller softwareeq8.5\(107.41\)
cisco:wireless_lan_controller_softwarecisco wireless lan controller softwareeq8.6\(1.108\)

CPE	Name	Operator	Version
cisco:wireless_lan_controller_software	cisco wireless lan controller software	eq	8.4\(100.0\)
cisco:wireless_lan_controller_software	cisco wireless lan controller software	eq	8.5\(107.30\)
cisco:wireless_lan_controller_software	cisco wireless lan controller software	eq	8.5\(107.41\)
cisco:wireless_lan_controller_software	cisco wireless lan controller software	eq	8.6\(1.108\)

CNA Affected

[
  {
    "product": "Cisco Wireless LAN Controller",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Cisco Wireless LAN Controller"
      }
    ]
  }
]

References

www.securitytracker.com/id/1040822

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-wlc-ip

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

7.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

48.3%

JSON

Related for CVE-2018-0252

nvd1 prion1 cvelist1 cisco1 nessus1