CVE-2018-0173

{"id": "CVE-2018-0173", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 8.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 4.0, "exploitabilityScore": 3.9}]}, "published": "2018-03-28T22:29:01.170", "references": [{"url": "http://www.securityfocus.com/bid/103545", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securitytracker.com/id/1040591", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}, {"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-04", "tags": ["Third Party Advisory", "US Government Resource"], "source": "ykramarz@cisco.com"}, {"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-05", "tags": ["Third Party Advisory", "US Government Resource"], "source": "ykramarz@cisco.com"}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-dhcpr2", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "https://www.tenable.com/security/research/tra-2018-06", "tags": ["Third Party Advisory"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}, {"type": "Secondary", "source": "ykramarz@cisco.com", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the Cisco IOS Software and Cisco IOS XE Software function that restores encapsulated option 82 information in DHCP Version 4 (DHCPv4) packets could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a Relay Reply denial of service (DoS) condition. The vulnerability exists because the affected software performs incomplete input validation of encapsulated option 82 information that it receives in DHCPOFFER messages from DHCPv4 servers. An attacker could exploit this vulnerability by sending a crafted DHCPv4 packet to an affected device, which the device would then forward to a DHCPv4 server. When the affected software processes the option 82 information that is encapsulated in the response from the server, an error could occur. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Cisco Bug IDs: CSCvg62754."}, {"lang": "es", "value": "Una vulnerabilidad en la funci\u00f3n de Cisco IOS Software y Cisco IOS XE Software que restaura la informaci\u00f3n de la opci\u00f3n 82 encapsulada en paquetes DHCPv4 (DHCP Version 4) podr\u00eda permitir que un atacante remoto no autenticado provoque que un dispositivo afectado se recargue. Esto resulta en una condici\u00f3n de denegaci\u00f3n de servicio (DoS) por Relay Reply. La vulnerabilidad existe debido a que el software afectado realiza validaci\u00f3n incompleta de entradas de la informaci\u00f3n encapsulada de la opci\u00f3n 82 que recibe en los mensajes DHCPOFFER de los servidores DHCPv4. Un atacante podr\u00eda explotar esta vulnerabilidad enviando un paquete DHCPv4 manipulado a un dispositivo afectado, que el dispositivo reenviar\u00eda posteriormente a un servidor DHCPv4. Cuando el software afectado procesa la informaci\u00f3n de la opci\u00f3n 82 que est\u00e1 encapsulada en la respuesta del servidor, podr\u00eda ocurrir un error. Si se explota con \u00e9xito, podr\u00eda permitir que el atacante consiga que el dispositivo afectado se reinicie, provocando una denegaci\u00f3n de servicio. Cisco Bug IDs: CSCvg62754."}], "lastModified": "2019-10-09T23:31:22.940", "cisaActionDue": "2022-03-17", "cisaExploitAdd": "2022-03-03", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ios:denali-16.3.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C6EFCB86-450D-4DEF-8010-3A7CA606899C"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:denali-16.3.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8654D912-C8BA-476E-A8AC-3C8C16FA655A"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:4321_integrated_services_router:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9421DBEF-AE42-4234-B49F-FCC34B804D7F"}, {"criteria": "cpe:2.3:h:cisco:4331_integrated_services_router:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5419CB9F-241F-4431-914F-2659BE27BEA5"}, {"criteria": "cpe:2.3:h:cisco:4351_integrated_services_router:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7DE02DBE-EAD5-4F37-8AB7-DF46A605A0E2"}, {"criteria": "cpe:2.3:h:cisco:4431_integrated_services_router:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5720462A-BE6B-4E84-A1A1-01E80BBA86AD"}, {"criteria": "cpe:2.3:h:cisco:4451-x_integrated_services_router:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "818CEFA6-208C-43C3-8E43-474A93ADCF21"}, {"criteria": "cpe:2.3:h:cisco:asr_1000_series_route_processor_\\(rp2\\):-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C02F9303-F9DF-4166-AB4B-8C26B9FAD109"}, {"criteria": "cpe:2.3:h:cisco:asr_1000_series_route_processor_\\(rp3\\):-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "372CB4D6-BB22-4521-9C18-C0A663717168"}, {"criteria": "cpe:2.3:h:cisco:asr_1001-hx:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7594E307-AC80-41EC-AE94-07E664A7D701"}, {"criteria": "cpe:2.3:h:cisco:asr_1001-x:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "09C913FF-63D5-43FB-8B39-598EF436BA5A"}, {"criteria": "cpe:2.3:h:cisco:asr_1002-hx:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CD2794BD-C8CE-46EF-9857-1723FCF04E46"}, {"criteria": "cpe:2.3:h:cisco:asr_1002-x:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "444F688F-79D0-4F22-B530-7BD520080B8F"}, {"criteria": "cpe:2.3:h:cisco:cloud_services_router_1000v:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4CCB8270-A01D-40A6-BF4B-26BAF65E68F3"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ios:denali-16.3.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C6EFCB86-450D-4DEF-8010-3A7CA606899C"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:denali-16.3.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8654D912-C8BA-476E-A8AC-3C8C16FA655A"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:rockwellautomation:allen-bradley_armorstratix_5700:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D8849345-E011-4160-A91C-DB760497AF9A"}, {"criteria": "cpe:2.3:h:rockwellautomation:allen-bradley_stratix_5400:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DE92939D-3D1E-445C-8888-F3EB4E35A034"}, {"criteria": "cpe:2.3:h:rockwellautomation:allen-bradley_stratix_5410:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0B148D62-D1B2-4E40-9DDD-A8702DFAD2E4"}, {"criteria": "cpe:2.3:h:rockwellautomation:allen-bradley_stratix_5700:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8994DEA7-C4EC-47B9-8AEA-832AF9D1F8E4"}, {"criteria": "cpe:2.3:h:rockwellautomation:allen-bradley_stratix_8000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F9A02987-E6F4-41D2-92C5-016A22AC7D0A"}, {"criteria": "cpe:2.3:h:rockwellautomation:allen-bradley_stratix_8300:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3A97B3B5-6606-46F5-BCD8-141FDD6F6729"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ykramarz@cisco.com", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "Cisco IOS and IOS XE Software Improper Input Validation Vulnerability"}