Lucene search

CiscoCVE-2018-0273

HistoryApr 19, 2018 - 8:29 p.m.

CVE-2018-0273

2018-04-1920:29:01

CWE-399

cisco

web.nvd.nist.gov

cisco

staros

ipsec manager

asr

vpn

dos

vulnerability

cisco bug ids

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

AI Score

5.4

Confidence

High

EPSS

0.002

Percentile

53.2%

JSON

A vulnerability in the IPsec Manager of Cisco StarOS for Cisco Aggregation Services Router (ASR) 5000 Series Routers and Virtualized Packet Core (VPC) System Software could allow an unauthenticated, remote attacker to terminate all active IPsec VPN tunnels and prevent new tunnels from being established, resulting in a denial of service (DoS) condition. The vulnerability is due to improper processing of corrupted Internet Key Exchange Version 2 (IKEv2) messages. An attacker could exploit this vulnerability by sending crafted IKEv2 messages toward an affected router. A successful exploit could allow the attacker to cause the ipsecmgr service to reload. A reload of this service could cause all IPsec VPN tunnels to be terminated and prevent new tunnels from being established until the service has restarted, resulting in a DoS condition. This vulnerability affects the following Cisco products when they are running Cisco StarOS: Cisco Aggregation Services Router (ASR) 5000 Series Routers, Virtualized Packet Core (VPC) System Software. Cisco Bug IDs: CSCve29605.

Affected configurations

Nvd

Node

ciscostarosMatch19.4.2.65120

ciscostarosMatch19.6.0

ciscostarosMatch21.2.0

ciscostarosMatch21.2.6

ciscostarosMatch21.4.0

AND

ciscoasr_5000Match-

ciscoasr_5500Match-

ciscoasr_5700Match-

VendorProductVersionCPE
ciscostaros19.4.2.65120cpe:2.3:o:cisco:staros:19.4.2.65120:*:*:*:*:*:*:*
ciscostaros19.6.0cpe:2.3:o:cisco:staros:19.6.0:*:*:*:*:*:*:*
ciscostaros21.2.0cpe:2.3:o:cisco:staros:21.2.0:*:*:*:*:*:*:*
ciscostaros21.2.6cpe:2.3:o:cisco:staros:21.2.6:*:*:*:*:*:*:*
ciscostaros21.4.0cpe:2.3:o:cisco:staros:21.4.0:*:*:*:*:*:*:*
ciscoasr_5000-cpe:2.3:h:cisco:asr_5000:-:*:*:*:*:*:*:*
ciscoasr_5500-cpe:2.3:h:cisco:asr_5500:-:*:*:*:*:*:*:*
ciscoasr_5700-cpe:2.3:h:cisco:asr_5700:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	staros	19.4.2.65120	cpe:2.3:o:cisco:staros:19.4.2.65120:::::::*
cisco	staros	19.6.0	cpe:2.3:o:cisco:staros:19.6.0:::::::*
cisco	staros	21.2.0	cpe:2.3:o:cisco:staros:21.2.0:::::::*
cisco	staros	21.2.6	cpe:2.3:o:cisco:staros:21.2.6:::::::*
cisco	staros	21.4.0	cpe:2.3:o:cisco:staros:21.4.0:::::::*
cisco	asr_5000	-	cpe:2.3:h:cisco:asr_5000:-:::::::*
cisco	asr_5500	-	cpe:2.3:h:cisco:asr_5500:-:::::::*
cisco	asr_5700	-	cpe:2.3:h:cisco:asr_5700:-:::::::*

CNA Affected

[
  {
    "product": "Cisco StarOS IPsec Manager",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Cisco StarOS IPsec Manager"
      }
    ]
  }
]

References

www.securityfocus.com/bid/103935

www.securitytracker.com/id/1040721

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-starosasr

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

AI Score

5.4

Confidence

High

EPSS

0.002

Percentile

53.2%

JSON

Related for CVE-2018-0273