CVE-2018-15391

{"id": "CVE-2018-15391", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2018-10-05T14:29:07.793", "references": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-phy-ipv4-dos", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-682"}]}, {"type": "Secondary", "source": "ykramarz@cisco.com", "description": [{"lang": "en", "value": "CWE-399"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in certain IPv4 fragment-processing functions of Cisco Remote PHY Software could allow an unauthenticated, remote attacker to impact traffic passing through a device, potentially causing a denial of service (DoS) condition. The vulnerability is due to the affected software not validating and calculating certain numerical values in IPv4 packets that are sent to an affected device. An attacker could exploit this vulnerability by sending malformed IPv4 traffic to an affected device. A successful exploit could allow the attacker to disrupt the flow of certain IPv4 traffic passing through an affected device, which could result in a DoS condition."}, {"lang": "es", "value": "Una vulnerabilidad en ciertas funciones de procesamiento de fragmentos IPv4 de Cisco Remote PHY Software podr\u00eda permitir que un atacante remoto no autenticado provoque un impacto sobre el tr\u00e1fico que pasa a trav\u00e9s de un dispositivo, pudiendo provocar una denegaci\u00f3n de servicio (DoS). La vulnerabilidad se debe a que el software afectado no valida ni calcula ciertos valores num\u00e9ricos en los paquetes IPv4 que se env\u00edan a un dispositivo afectado. Un atacante podr\u00eda explotar esta vulnerabilidad enviando tr\u00e1fico IPv4 mal formado a un dispositivo afectado. Su explotaci\u00f3n con \u00e9xito podr\u00eda permitir que el atacante interrumpa el flujo de cierto tr\u00e1fico IPv4 que pasa a trav\u00e9s de un dispositivo afectado, lo que podr\u00eda provocar una denegaci\u00f3n de servicio (DoS)."}], "lastModified": "2019-10-09T23:35:30.877", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:remote:phy:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "40DC6825-20E1-4832-92F5-60CE8BC83799"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}