// For flags

CVE-2018-0132

 

Severity Score

8.6
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A vulnerability in the forwarding information base (FIB) code of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause inconsistency between the routing information base (RIB) and the FIB, resulting in a denial of service (DoS) condition. The vulnerability is due to incorrect processing of extremely long routing updates. An attacker could exploit this vulnerability by sending a large routing update. A successful exploit could allow the attacker to trigger inconsistency between the FIB and the RIB, resulting in a DoS condition. Cisco Bug IDs: CSCus84718.

Una vulnerabilidad en el código FIB (Forwarding Information Base) de Cisco IOS XR Software podría permitir que un atacante remoto no autenticado provoque inconsistencias entre el RIB (Routing Information Base) y el FIB, lo que resulta en una condición de denegación de servicio (DoS). La vulnerabilidad se debe al procesado incorrecto de actualizaciones de rutina extremadamente largas. Un atacante podría explotar esta vulnerabilidad enviando una actualización de rutina larga. Si se explota con éxito, podría permitir que el atacante cause inconsistencias entre el FIB y el RIB, provocando una denegación de servicio. Cisco Bug IDs: CSCus84718.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2017-11-27 CVE Reserved
  • 2018-02-08 CVE Published
  • 2023-08-11 EPSS Updated
  • 2024-08-05 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Cisco
Search vendor "Cisco"
 Carrier Routing System
Search vendor "Cisco" for product "Carrier Routing System"
 5.3.0.rout
Search vendor "Cisco" for product "Carrier Routing System" and version "5.3.0.rout"
-
Affected