CVE-2018-0189
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability in the Forwarding Information Base (FIB) code of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, network attacker to cause a denial of service (DoS) condition. The vulnerability is due to a limitation in the way the FIB is internally representing recursive routes. An attacker could exploit this vulnerability by injecting routes into the routing protocol that have a specific recursive pattern. The attacker must be in a position on the network that provides the ability to inject a number of recursive routes with a specific pattern. An exploit could allow the attacker to cause an affected device to reload, creating a DoS condition. Cisco Bug IDs: CSCva91655.
Una vulnerabilidad en el código FIB (Forwarding Information Base) de Cisco IOS Software y Cisco IOS XE Software podría permitir que un atacante de red sin autenticar provoque una denegación de servicio (DoS). La vulnerabilidad se debe a que existe un límite en la manera en la que el FIB representa internamente las rutas recursivas. Un atacante podría explotar esta vulnerabilidad inyectando rutas en el protocolo de enrutamiento que tienen un patrón recursivo específico. El atacante debe estar en una posición de la red que proporcione la habilidad para inyectar una serie de rutas recursivas con un patrón específico. Su explotación podría permitir que el atacante consiga que el dispositivo afectado se reinicie, creando una condición de denegación de servicio (DoS). Cisco Bug IDs: CSCva91655.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-11-27 CVE Reserved
- 2018-03-28 CVE Published
- 2024-02-05 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-399: Resource Management Errors
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/103548 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-FIB-dos | 2019-10-09 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | < 15.5\(3\)s5 Search vendor "Cisco" for product "Ios Xe" and version " < 15.5\(3\)s5" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | < 15.5\(3\)m5 Search vendor "Cisco" for product "Ios Xe" and version " < 15.5\(3\)m5" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | < 15.4\(3\)s7 Search vendor "Cisco" for product "Ios Xe" and version " < 15.4\(3\)s7" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | < 15.4\(2\)s1 Search vendor "Cisco" for product "Ios Xe" and version " < 15.4\(2\)s1" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | < 15.4\(1\)s1 Search vendor "Cisco" for product "Ios Xe" and version " < 15.4\(1\)s1" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | < 15.4\(1\)s0a Search vendor "Cisco" for product "Ios Xe" and version " < 15.4\(1\)s0a" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | < 15.2\(5\)e1 Search vendor "Cisco" for product "Ios Xe" and version " < 15.2\(5\)e1" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | < 15.2\(4\)e5 Search vendor "Cisco" for product "Ios Xe" and version " < 15.2\(4\)e5" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | < 15.2\(2\)e1 Search vendor "Cisco" for product "Ios Xe" and version " < 15.2\(2\)e1" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | < 15.2\(1\)e1 Search vendor "Cisco" for product "Ios Xe" and version " < 15.2\(1\)e1" | - |
Affected
| ||||||