Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-0257

A vulnerability in Cisco IOS XE Software running on Cisco cBR Series Converged Broadband Routers could allow an unauthenticated, adjacent attacker to cause high CPU usage on an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to the incorrect handling of certain DHCP packets. An attacker could exploit this vulnerability by sending certain DHCP packets to a specific segment of an affected device. A successful exploit could allow the attacker to increase CPU usage on the affected device and cause a DoS condition. Cisco Bug IDs: CSCvg73687.

Published

2018-04-19T20:29:01.317

Last Modified

2024-11-21T03:37:49.840

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 4.3 (MEDIUM)

CVSSv2 Vector

AV:A/AC:L/Au:N/C:N/I:N/A:P

  • Access Vector: ADJACENT_NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: PARTIAL
Exploitability Score

6.5

Impact Score

2.9

Weaknesses
  • Type: Secondary
    CWE-399
  • Type: Primary
    NVD-CWE-noinfo
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System cisco ios_xe ≤ 3.18.4 Yes
Operating System cisco ios_xe ≤ 16.6.3 Yes
Operating System cisco ios_xe ≤ 16.7.2 Yes
Operating System cisco ios_xe 15.6\(2\)sp Yes
Operating System cisco ios_xe 16.4 Yes
Operating System cisco ios_xe 16.5 Yes
References