CVE-2018-0475 - OpenCVE

A vulnerability in the implementation of the cluster feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation when handling Cluster Management Protocol (CMP) messages. An attacker could exploit this vulnerability by sending a malicious CMP message to an affected device. A successful exploit could allow the attacker to cause the switch to crash and reload or to hang, resulting in a DoS condition. If the switch hangs it will not reboot automatically, and it will need to be power cycled manually to recover.

No CVSS v4.0

No CVSS v3.1

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:A/AC:L/Au:N/C:N/I:N/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cisco	Ios Ios Xe

Configuration 1 [-]

OR	cpe:2.3:o:cisco:ios:15.0\(2.0.0\):::::::*
	cpe:2.3:o:cisco:ios_xe:15.0\(2.0.0\):::::::*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/105404
http://www.securitytracker.com/id/1041737
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-cmp

History

No history.

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2018-10-05T14:00:00Z

Updated: 2024-09-16T16:43:08.146Z

Reserved: 2017-11-27T00:00:00

Link: CVE-2018-0475

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-10-05T14:29:05.247

Modified: 2019-10-09T23:32:10.007

Link: CVE-2018-0475

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Cisco IOS Software", "vendor": "Cisco", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-09-26T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability in the implementation of the cluster feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation when handling Cluster Management Protocol (CMP) messages. An attacker could exploit this vulnerability by sending a malicious CMP message to an affected device. A successful exploit could allow the attacker to cause the switch to crash and reload or to hang, resulting in a DoS condition. If the switch hangs it will not reboot automatically, and it will need to be power cycled manually to recover."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-10-07T09:57:02", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "105404", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/105404"}, {"name": "20180926 Cisco IOS and IOS XE Software Cluster Management Protocol Denial of Service Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-cmp"}, {"name": "1041737", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1041737"}], "source": {"advisory": "cisco-sa-20180926-cmp", "defect": [["CSCvg48576"]], "discovery": "UNKNOWN"}, "title": "Cisco IOS and IOS XE Software Cluster Management Protocol Denial of Service Vulnerability", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2018-09-26T16:00:00-0500", "ID": "CVE-2018-0475", "STATE": "PUBLIC", "TITLE": "Cisco IOS and IOS XE Software Cluster Management Protocol Denial of Service Vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cisco IOS Software", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "Cisco"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the implementation of the cluster feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation when handling Cluster Management Protocol (CMP) messages. An attacker could exploit this vulnerability by sending a malicious CMP message to an affected device. A successful exploit could allow the attacker to cause the switch to crash and reload or to hang, resulting in a DoS condition. If the switch hangs it will not reboot automatically, and it will need to be power cycled manually to recover."}]}, "impact": {"cvss": {"baseScore": "7.4", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-20"}]}]}, "references": {"reference_data": [{"name": "105404", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105404"}, {"name": "20180926 Cisco IOS and IOS XE Software Cluster Management Protocol Denial of Service Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-cmp"}, {"name": "1041737", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041737"}]}, "source": {"advisory": "cisco-sa-20180926-cmp", "defect": [["CSCvg48576"]], "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T03:28:10.360Z"}, "title": "CVE Program Container", "references": [{"name": "105404", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/105404"}, {"name": "20180926 Cisco IOS and IOS XE Software Cluster Management Protocol Denial of Service Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-cmp"}, {"name": "1041737", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1041737"}]}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2018-0475", "datePublished": "2018-10-05T14:00:00Z", "dateReserved": "2017-11-27T00:00:00", "dateUpdated": "2024-09-16T16:43:08.146Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ios:15.0\\(2.0.0\\):*:*:*:*:*:*:*", "matchCriteriaId": "FA43C523-A6C6-40AD-A4B3-44BE497D1F4B", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:15.0\\(2.0.0\\):*:*:*:*:*:*:*", "matchCriteriaId": "D09DB808-6C55-4D99-9B0F-13F8FB65D93B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the implementation of the cluster feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation when handling Cluster Management Protocol (CMP) messages. An attacker could exploit this vulnerability by sending a malicious CMP message to an affected device. A successful exploit could allow the attacker to cause the switch to crash and reload or to hang, resulting in a DoS condition. If the switch hangs it will not reboot automatically, and it will need to be power cycled manually to recover."}, {"lang": "es", "value": "Una vulnerabilidad en la implementaci\u00f3n de la caracter\u00edstica del cl\u00faster en Cisco IOS Software y Cisco IOS XE Software podr\u00eda permitir que un atacante adyacente no autenticado desencadene una condici\u00f3n de denegaci\u00f3n de servicio (DoS) en un dispositivo afectado. Esta vulnerabilidad se debe a la validaci\u00f3n incorrecta de entradas al manejar mensajes CMP (Cluster Management Protocol). Un atacante podr\u00eda explotar esta vulnerabilidad enviando un mensaje CMP malicioso a un dispositivo afectado. Si se explota con \u00e9xito, podr\u00eda permitir que el atacante provoque que el switch se cierre inesperadamente y se recargue o se bloquee, provocando una denegaci\u00f3n de servicio (DoS). Si el switch se bloquea, no se reiniciar\u00e1 auitom\u00e1ticamente, por lo que ser\u00e1 necesario conectarlo manualmente para recuperarse."}], "id": "CVE-2018-0475", "lastModified": "2019-10-09T23:32:10.007", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-10-05T14:29:05.247", "references": [{"source": "ykramarz@cisco.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/105404"}, {"source": "ykramarz@cisco.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1041737"}, {"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-cmp"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-20"}], "source": "ykramarz@cisco.com", "type": "Secondary"}]}