Lucene search

CiscoCVE-2018-0418

HistoryAug 15, 2018 - 8:29 p.m.

CVE-2018-0418

2018-08-1520:29:01

CWE-400

CWE-20

cisco

web.nvd.nist.gov

cisco

asr 9000

vulnerability

denial of service

dos

input validation

ptp

cve-2018-0418

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

AI Score

8.3

Confidence

High

EPSS

0.002

Percentile

62.0%

JSON

A vulnerability in the Local Packet Transport Services (LPTS) feature set of Cisco ASR 9000 Series Aggregation Services Router Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of input and validation checking on certain Precision Time Protocol (PTP) ingress traffic to an affected device. An attacker could exploit this vulnerability by injecting malformed traffic into an affected device. A successful exploit could allow the attacker to cause services on the device to become unresponsive, resulting in a DoS condition. Cisco Bug IDs: CSCvj22858.

Affected configurations

Nvd

Node

ciscoios_xrRange≤6.3.3_base

AND

ciscoasr_9000vMatch-

ciscoasr_9001Match-

ciscoasr_9006Match-

ciscoasr_9010Match-

ciscoasr_9901Match-

ciscoasr_9904Match-

ciscoasr_9906Match-

ciscoasr_9910Match-

ciscoasr_9912Match-

ciscoasr_9922Match-

VendorProductVersionCPE
ciscoios_xr*cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*
ciscoasr_9000v-cpe:2.3:h:cisco:asr_9000v:-:*:*:*:*:*:*:*
ciscoasr_9001-cpe:2.3:h:cisco:asr_9001:-:*:*:*:*:*:*:*
ciscoasr_9006-cpe:2.3:h:cisco:asr_9006:-:*:*:*:*:*:*:*
ciscoasr_9010-cpe:2.3:h:cisco:asr_9010:-:*:*:*:*:*:*:*
ciscoasr_9901-cpe:2.3:h:cisco:asr_9901:-:*:*:*:*:*:*:*
ciscoasr_9904-cpe:2.3:h:cisco:asr_9904:-:*:*:*:*:*:*:*
ciscoasr_9906-cpe:2.3:h:cisco:asr_9906:-:*:*:*:*:*:*:*
ciscoasr_9910-cpe:2.3:h:cisco:asr_9910:-:*:*:*:*:*:*:*
ciscoasr_9912-cpe:2.3:h:cisco:asr_9912:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	ios_xr	*	cpe:2.3:o:cisco:ios_xr::::::::
cisco	asr_9000v	-	cpe:2.3:h:cisco:asr_9000v:-:::::::*
cisco	asr_9001	-	cpe:2.3:h:cisco:asr_9001:-:::::::*
cisco	asr_9006	-	cpe:2.3:h:cisco:asr_9006:-:::::::*
cisco	asr_9010	-	cpe:2.3:h:cisco:asr_9010:-:::::::*
cisco	asr_9901	-	cpe:2.3:h:cisco:asr_9901:-:::::::*
cisco	asr_9904	-	cpe:2.3:h:cisco:asr_9904:-:::::::*
cisco	asr_9906	-	cpe:2.3:h:cisco:asr_9906:-:::::::*
cisco	asr_9910	-	cpe:2.3:h:cisco:asr_9910:-:::::::*
cisco	asr_9912	-	cpe:2.3:h:cisco:asr_9912:-:::::::*

Rows per page:

1-10 of 111

CNA Affected

[
  {
    "product": "ASR 9000 Series Aggregation Services Router Software",
    "vendor": "Cisco Systems, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "unspecified"
      }
    ]
  }
]

References

www.securityfocus.com/bid/105185

www.securitytracker.com/id/1041538

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180815-asr-ptp-dos

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

AI Score

8.3

Confidence

High

EPSS

0.002

Percentile

62.0%

JSON

Related for CVE-2018-0418