Lucene search

CiscoCISCO-SA-20180328-QOS

HistoryMar 28, 2018 - 4:00 p.m.

Cisco IOS and IOS XE Software Quality of Service Remote Code Execution Vulnerability

2018-03-2816:00:00

tools.cisco.com

277

0.035 Low

EPSS

Percentile

91.7%

JSON

A vulnerability in the quality of service (QoS) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges.

The vulnerability is due to incorrect bounds checking of certain values in packets that are destined for UDP port 18999 of an affected device. An attacker could exploit this vulnerability by sending malicious packets to an affected device. When the packets are processed, an exploitable buffer overflow condition may occur. A successful exploit could allow the attacker to execute arbitrary code on the affected device with elevated privileges. The attacker could also leverage this vulnerability to cause the device to reload, causing a temporary DoS condition while the device is reloading.

The malicious packets must be destined to and processed by an affected device. Traffic transiting a device will not trigger the vulnerability.

Cisco has released software updates that address this vulnerability. There are workarounds for most affected Cisco products that address this vulnerability.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-qos [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-qos”]
This advisory is part of the March 28, 2018, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 20 Cisco Security Advisories that describe 22 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: March 2018 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication [“https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-66682”].

Affected configurations

Vulners

Node

ciscoiosMatch15.5s

ciscoiosMatch15.5t

ciscoiosMatch15.5m

ciscoiosMatch15.5sn

ciscoiosMatch15.6s

ciscoiosMatch15.6t

ciscoiosMatch15.6sp

ciscoiosMatch15.6sn

ciscoiosMatch15.6m

ciscoiosMatch15.7m

ciscorvs4000_softwareMatch3.14s

ciscorvs4000_softwareMatch3.15s

ciscorvs4000_softwareMatch3.16s

ciscorvs4000_softwareMatch3.17s

ciscorvs4000_softwareMatch16.1

ciscorvs4000_softwareMatch16.2

ciscorvs4000_softwareMatch16.3

ciscorvs4000_softwareMatch16.4

ciscorvs4000_softwareMatch16.5

ciscorvs4000_softwareMatch3.18s

ciscorvs4000_softwareMatch3.18sp

ciscorvs4000_softwareMatch16.6

ciscoiosMatch15.5\(1\)s

ciscoiosMatch15.5\(2\)s

ciscoiosMatch15.5\(1\)s1

ciscoiosMatch15.5\(3\)s

ciscoiosMatch15.5\(1\)s2

ciscoiosMatch15.5\(1\)s3

ciscoiosMatch15.5\(2\)s1

ciscoiosMatch15.5\(2\)s2

ciscoiosMatch15.5\(3\)s1

ciscoiosMatch15.5\(3\)s1a

ciscoiosMatch15.5\(2\)s3

ciscoiosMatch15.5\(3\)s2

ciscoiosMatch15.5\(3\)s0a

ciscoiosMatch15.5\(3\)s3

ciscoiosMatch15.5\(1\)s4

ciscoiosMatch15.5\(2\)s4

ciscoiosMatch15.5\(3\)s4

ciscoiosMatch15.5\(3\)s5

ciscoiosMatch15.5\(3\)s6

ciscoiosMatch15.5\(3\)s6a

ciscoiosMatch15.5\(3\)s6b

ciscoiosMatch15.5\(1\)t

ciscoiosMatch15.5\(2\)t

ciscoiosMatch15.5\(1\)t3

ciscoiosMatch15.5\(2\)t1

ciscoiosMatch15.5\(2\)t2

ciscoiosMatch15.5\(2\)t3

ciscoiosMatch15.5\(2\)t4

ciscoiosMatch15.5\(1\)t4

ciscoiosMatch15.5\(3\)m

ciscoiosMatch15.5\(3\)m1

ciscoiosMatch15.5\(3\)m0a

ciscoiosMatch15.5\(3\)m2

ciscoiosMatch15.5\(3\)m2a

ciscoiosMatch15.5\(3\)m3

ciscoiosMatch15.5\(3\)m4

ciscoiosMatch15.5\(3\)m4a

ciscoiosMatch15.5\(3\)m5

ciscoiosMatch15.5\(3\)m4b

ciscoiosMatch15.5\(3\)m4c

ciscoiosMatch15.5\(3\)m6

ciscoiosMatch15.5\(3\)m6a

ciscoiosMatch15.5\(1\)sn

ciscoiosMatch15.5\(1\)sn1

ciscoiosMatch15.5\(2\)sn

ciscoiosMatch15.5\(3\)sn0a

ciscoiosMatch15.5\(3\)sn

ciscoiosMatch15.6\(1\)s

ciscoiosMatch15.6\(2\)s

ciscoiosMatch15.6\(2\)s1

ciscoiosMatch15.6\(1\)s1

ciscoiosMatch15.6\(1\)s2

ciscoiosMatch15.6\(2\)s2

ciscoiosMatch15.6\(1\)s3

ciscoiosMatch15.6\(2\)s3

ciscoiosMatch15.6\(1\)s4

ciscoiosMatch15.6\(2\)s4

ciscoiosMatch15.6\(1\)t

ciscoiosMatch15.6\(2\)t

ciscoiosMatch15.6\(1\)t0a

ciscoiosMatch15.6\(1\)t1

ciscoiosMatch15.6\(2\)t1

ciscoiosMatch15.6\(1\)t2

ciscoiosMatch15.6\(2\)t0a

ciscoiosMatch15.6\(2\)t2

ciscoiosMatch15.6\(1\)t3

ciscoiosMatch15.6\(2\)t3

ciscoiosMatch15.6\(2\)sp

ciscoiosMatch15.6\(2\)sp1

ciscoiosMatch15.6\(2\)sp2

ciscoiosMatch15.6\(2\)sp3

ciscoiosMatch15.6\(1\)sn

ciscoiosMatch15.6\(1\)sn1

ciscoiosMatch15.6\(2\)sn

ciscoiosMatch15.6\(1\)sn2

ciscoiosMatch15.6\(1\)sn3

ciscoiosMatch15.6\(3\)sn

ciscoiosMatch15.6\(4\)sn

ciscoiosMatch15.6\(5\)sn

ciscoiosMatch15.6\(6\)sn

ciscoiosMatch15.6\(7\)sn

ciscoiosMatch15.6\(7\)sn1

ciscoiosMatch15.6\(7\)sn2

ciscoiosMatch15.6\(7\)sn3

ciscoiosMatch15.6\(3\)m

ciscoiosMatch15.6\(3\)m1

ciscoiosMatch15.6\(3\)m0a

ciscoiosMatch15.6\(3\)m1a

ciscoiosMatch15.6\(3\)m1b

ciscoiosMatch15.6\(3\)m2

ciscoiosMatch15.6\(3\)m2a

ciscoiosMatch15.6\(3\)m3

ciscoiosMatch15.6\(3\)m3a

ciscoiosMatch15.7\(3\)m

ciscoiosMatch15.7\(3\)m0a

ciscorvs4000_softwareMatch3.14.0s

ciscorvs4000_softwareMatch3.14.1s

ciscorvs4000_softwareMatch3.14.2s

ciscorvs4000_softwareMatch3.14.3s

ciscorvs4000_softwareMatch3.14.4s

ciscorvs4000_softwareMatch3.15.0s

ciscorvs4000_softwareMatch3.15.1s

ciscorvs4000_softwareMatch3.15.2s

ciscorvs4000_softwareMatch3.15.1cs

ciscorvs4000_softwareMatch3.15.3s

ciscorvs4000_softwareMatch3.15.4s

ciscorvs4000_softwareMatch3.16.0s

ciscorvs4000_softwareMatch3.16.1s

ciscorvs4000_softwareMatch3.16.0as

ciscorvs4000_softwareMatch3.16.1as

ciscorvs4000_softwareMatch3.16.2s

ciscorvs4000_softwareMatch3.16.2as

ciscorvs4000_softwareMatch3.16.0bs

ciscorvs4000_softwareMatch3.16.0cs

ciscorvs4000_softwareMatch3.16.3s

ciscorvs4000_softwareMatch3.16.2bs

ciscorvs4000_softwareMatch3.16.3as

ciscorvs4000_softwareMatch3.16.4s

ciscorvs4000_softwareMatch3.16.4as

ciscorvs4000_softwareMatch3.16.4bs

ciscorvs4000_softwareMatch3.16.4gs

ciscorvs4000_softwareMatch3.16.5s

ciscorvs4000_softwareMatch3.16.4cs

ciscorvs4000_softwareMatch3.16.4ds

ciscorvs4000_softwareMatch3.16.4es

ciscorvs4000_softwareMatch3.16.6s

ciscorvs4000_softwareMatch3.16.5as

ciscorvs4000_softwareMatch3.16.5bs

ciscorvs4000_softwareMatch3.16.6bs

ciscorvs4000_softwareMatch3.17.0s

ciscorvs4000_softwareMatch3.17.1s

ciscorvs4000_softwareMatch3.17.2s

ciscorvs4000_softwareMatch3.17.1as

ciscorvs4000_softwareMatch3.17.3s

ciscorvs4000_softwareMatch3.17.4s

ciscorvs4000_softwareMatch16.1.1

ciscorvs4000_softwareMatch16.1.2

ciscorvs4000_softwareMatch16.1.3

ciscorvs4000_softwareMatch16.2.1

ciscorvs4000_softwareMatch16.2.2

ciscorvs4000_softwareMatch16.3.1

ciscorvs4000_softwareMatch16.3.2

ciscorvs4000_softwareMatch16.3.3

ciscorvs4000_softwareMatch16.3.1a

ciscorvs4000_softwareMatch16.3.4

ciscorvs4000_softwareMatch16.3.5

ciscorvs4000_softwareMatch16.3.5b

ciscorvs4000_softwareMatch16.4.1

ciscorvs4000_softwareMatch16.4.2

ciscorvs4000_softwareMatch16.5.1

ciscorvs4000_softwareMatch16.5.1a

ciscorvs4000_softwareMatch16.5.1b

ciscorvs4000_softwareMatch16.5.2

ciscorvs4000_softwareMatch3.18.0as

ciscorvs4000_softwareMatch3.18.0s

ciscorvs4000_softwareMatch3.18.1s

ciscorvs4000_softwareMatch3.18.2s

ciscorvs4000_softwareMatch3.18.3s

ciscorvs4000_softwareMatch3.18.4s

ciscorvs4000_softwareMatch3.18.0sp

ciscorvs4000_softwareMatch3.18.1sp

ciscorvs4000_softwareMatch3.18.1asp

ciscorvs4000_softwareMatch3.18.1gsp

ciscorvs4000_softwareMatch3.18.1bsp

ciscorvs4000_softwareMatch3.18.1csp

ciscorvs4000_softwareMatch3.18.2sp

ciscorvs4000_softwareMatch3.18.1hsp

ciscorvs4000_softwareMatch3.18.2asp

ciscorvs4000_softwareMatch3.18.1isp

ciscorvs4000_softwareMatch3.18.3sp

ciscorvs4000_softwareMatch3.18.3asp

ciscorvs4000_softwareMatch16.6.1

CPENameOperatorVersion
ioseq15.5S
ioseq15.5T
ioseq15.5M
ioseq15.5SN
ioseq15.6S
ioseq15.6T
ioseq15.6SP
ioseq15.6SN
ioseq15.6M
ioseq15.7M

Name	Operator	Version
ios	eq	15.5S
ios	eq	15.5T
ios	eq	15.5M
ios	eq	15.5SN
ios	eq	15.6S
ios	eq	15.6T
ios	eq	15.6SP
ios	eq	15.6SN
ios	eq	15.6M
ios	eq	15.7M

Rows per page:

1-10 of 1941

References

sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-qos

0.035 Low

EPSS

Percentile

91.7%

JSON

Related for CISCO-SA-20180328-QOS