Category: Device (Router/Bridge/Hub) > Cisco IOS
Vendors: Cisco
Cisco IOS/IOS XE Multiple Flaws Let Remote Users Cause the Target Device to Hang or Reload and Local Users Gain Elevated Privileges
SecurityTracker Alert ID: 1041737
SecurityTracker URL: https://securitytracker.com/id/1041737
CVE Reference: CVE-2018-0466, CVE-2018-0467, CVE-2018-0469, CVE-2018-0470, CVE-2018-0471, CVE-2018-0472, CVE-2018-0473, CVE-2018-0475, CVE-2018-0476, CVE-2018-0477, CVE-2018-0480, CVE-2018-0481, CVE-2018-0485
Date: Sep 28 2018
Denial of service via network, Execution of arbitrary code via local system, Root access via local system
Fix Available: Yes
Vendor Confirmed: Yes
Multiple vulnerabilities were reported in Cisco IOS and IOS XE. A remote user can cause the target service to hang or reload. A local user can gain elevated privileges.
A remote user can send specially crafted Cisco Discovery Protocol (CDP) packets to an adjacent target device to trigger a memory leak, eventually causing a memory allocation error that crashes the device [CVE-2018-0471].
Cisco IOS XE versions 16.6.1 and 16.6.2 are affected.
The vendor has assigned bug ID CSCvf50648 to this vulnerability.
A remote user can send a specially crafted Cluster Management Protocol (CMP) message to cause the target device to crash and reload or hang [CVE-2018-0475]. A manual reboot may be required to return the system to normal operations.
The vendor has assigned bug ID CSCvg48576 to this vulnerability.
A remote user can send specially crafted data to trigger a race condition between a VLAN and port when entering an 'errdisabled' state, causing the target IOS XE device to crash [CVE-2018-0480].
Cisco Catalyst 3650, 3850, and 4500E series switches are affected when the errdisable feature is enabled for a feature at both the VLAN and port level.
The vendor has assigned bug ID CSCvh13611 to this vulnerability.
A local user with privilege level 15 (EXEC mode) can send specially crafted command line interface commands to trigger an input validation flaw and execute arbitrary Linux operating system commands on the target IOS XE system with root privileges [CVE-2018-0477, CVE-2018-0481].
The vendor has assigned bug IDs CSCvh02919 and CSCvh54202 to these vulnerabilities.
A remote user can send specially crafted IPv6 hop-by-hop options to or through the target device to cause the device to reload [CVE-2018-0467].
The vendor has assigned bug ID CSCuz28570 to this vulnerability.
A remote user can send specially crafted Precision Time Protocol (PTP) data to or through the target IOS device to trigger a synchronization error and cause denial of service conditions [CVE-2018-0473].
The Cisco 2500 Series Connected Grid Switches, Cisco Connected Grid Ethernet Switch Module Interface Card, and the Industrial Ethernet 2000, 2000U, 3000, 2010, 4000, 4010, and 5000 Series Switches are affected.
The vendor has assigned bug IDs CSCvf94015 and CSCvh77659 to this vulnerability.
A remote user can send specially crafted HTTP packets to the target device to trigger a buffer overflow and cause denial of service conditions [CVE-2018-0470].
Systems running the HTTP Server feature are affected.
The vendor has assigned bug ID CSCvb22618 to this vulnerability.
A remote user with access to the management interface can send specially crafted HTTP requests to the target web user interface to trigger a double-free memory error and cause the target device to crash [CVE-2018-0469]. IOS XE versions 16.2.2 and later require authentication to exploit.
Cisco Catalyst 3650 and 3850 series devices are affected if the HTTP Server feature is enabled.
The vendor has assigned bug ID CSCva31961 to this vulnerability.
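An added example (not from SecurityTracker or Cisco) that checks collected `show version` and running-config text against the exposure conditions stated above for CVE-2018-0471, CVE-2018-0469 and CVE-2018-0470. The function names, the sample text, and the treatment of `no cdp run`, `ip http server` and `ip http secure-server` as the relevant configuration lines are assumptions; platform model and fixed releases still have to be confirmed against the vendor advisory.

```python
import re

# Exposure conditions taken from the advisory text above.
CDP_LEAK_VERSIONS = {(16, 6, 1), (16, 6, 2)}      # CVE-2018-0471
HTTP_CVES = ("CVE-2018-0469", "CVE-2018-0470")    # HTTP Server feature

def iosxe_version(show_version):
    """Return (major, minor, patch) from 'show version' text, or None."""
    m = re.search(r"IOS[ -]XE Software.*?Version\s+(\d+)\.(\d+)\.(\d+)", show_version)
    return tuple(int(p) for p in m.groups()) if m else None

def feature_enabled(config, command, default):
    """Last 'command' / 'no command' line wins; otherwise use the default."""
    state = default
    for line in config.splitlines():
        line = line.strip()
        if line == command:
            state = True
        elif line == "no " + command:
            state = False
    return state

def triage(show_version, running_config):
    """Return [(cve, reason)] for conditions the advisory names."""
    findings = []
    ver = iosxe_version(show_version)
    if ver in CDP_LEAK_VERSIONS:
        # Assumption: CDP is on globally unless 'no cdp run' is configured.
        cdp = feature_enabled(running_config, "cdp run", default=True)
        findings.append(("CVE-2018-0471",
                         "IOS XE %d.%d.%d, CDP globally enabled: %s" % (ver + (cdp,))))
    # Assumption: the feature is on only if one of these lines is present.
    http = any(feature_enabled(running_config, c, default=False)
               for c in ("ip http server", "ip http secure-server"))
    if http:
        for cve in HTTP_CVES:
            findings.append((cve, "HTTP Server feature enabled"))
    return findings

# Constructed sample input, not captured from a real device.
SAMPLE_VERSION = "Cisco IOS XE Software, Version 16.06.02\nuptime is 3 weeks"
SAMPLE_CONFIG = """hostname lab-sw1
no ip http server
ip http secure-server
no cdp run
"""

if __name__ == "__main__":
    for cve, reason in triage(SAMPLE_VERSION, SAMPLE_CONFIG):
        print(cve, "-", reason)
```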
A remote user can send specially crafted IPsec Authentication Header (AH) or Encapsulating Security Payload (ESP) packets to cause the target system to crash [CVE-2018-0472].
The vendor has assigned bug IDs CSCvf73114, CSCvg37952, CSCvh04189, CSCvh04591, and CSCvi30496 to this vulnerability.
A remote user can send specially crafted Open Shortest Path First version 3 (OSPFv3) Link-State Advertisements (LSA) data to cause the target device to reload [CVE-2018-0466].
The vendor has assigned bug ID CSCuy82806 to this vulnerability.
Dmitry Kuznetsov of Digital Security reported one vulnerability.
A remote user can cause the target device to crash or reload.
A local user can obtain root privileges on the target device.
The vendor has issued a fix.
The vendor's advisory is available at:
The vendor's individual advisories are available at:
Vendor URL: tools.cisco.com/security/center/viewErp.x?alertId=ERP-69981
Access control error, Input validation error, State error