
CVE-2018-0369

 

  • Severity Score (CVSS v3): 8.6
  • Exploit Likelihood (EPSS):
  • Affected Versions (CPE):
  • Public Exploits (Multiple Sources): 0
  • Exploited in Wild (KEV): -
  • Decision (SSVC): -

Descriptions

A vulnerability in the reassembly logic for fragmented IPv4 packets of Cisco StarOS running on virtual platforms could allow an unauthenticated, remote attacker to trigger a reload of the npusim process, resulting in a denial of service (DoS) condition. There are four instances of the npusim process running per Service Function (SF) instance, each handling a subset of all traffic flowing across the device. It is possible to trigger a reload of all four instances of the npusim process around the same time. The vulnerability is due to improper handling of fragmented IPv4 packets containing options. An attacker could exploit this vulnerability by sending a malicious IPv4 packet across an affected device. An exploit could allow the attacker to trigger a restart of the npusim process, which will result in all traffic queued toward this instance of the npusim process to be dropped while the process is restarting. The npusim process typically restarts within less than a second. This vulnerability affects: Cisco Virtualized Packet Core-Single Instance (VPC-SI), Cisco Virtualized Packet Core-Distributed Instance (VPC-DI), Cisco Ultra Packet Core (UPC). Cisco Bug IDs: CSCvh29613.


*Credits: N/A
CVSS Scores
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Changed
  • Confidentiality: None
  • Integrity: None
  • Availability: High

  • Attack Vector: Network
  • Attack Complexity: Low
  • Authentication: None
  • Confidentiality: None
  • Integrity: None
  • Availability: Partial
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2017-11-27 CVE Reserved
  • 2018-07-16 CVE Published
  • 2024-05-25 EPSS Updated
  • 2024-08-05 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-20: Improper Input Validation
CAPEC
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | | Vendor | Product | Version | Other | Status |
|---|---|---|---|---|---|---|---|---|---|---|
| Cisco | Staros | >= 21.3 < 21.3.15 | - | Affected | in | Cisco | Asr 5000 | - | - | Safe |
| Cisco | Staros | >= 21.3 < 21.3.15 | - | Affected | in | Cisco | Asr 5500 | - | - | Safe |
| Cisco | Staros | >= 21.3 < 21.3.15 | - | Affected | in | Cisco | Asr 5700 | - | - | Safe |
| Cisco | Staros | >= 21.4 < 21.5.7 | - | Affected | in | Cisco | Asr 5000 | - | - | Safe |
| Cisco | Staros | >= 21.4 < 21.5.7 | - | Affected | in | Cisco | Asr 5500 | - | - | Safe |
| Cisco | Staros | >= 21.4 < 21.5.7 | - | Affected | in | Cisco | Asr 5700 | - | - | Safe |
| Cisco | Staros | >= 21.6 < 21.6.4 | - | Affected | in | Cisco | Asr 5000 | - | - | Safe |
| Cisco | Staros | >= 21.6 < 21.6.4 | - | Affected | in | Cisco | Asr 5500 | - | - | Safe |
| Cisco | Staros | >= 21.6 < 21.6.4 | - | Affected | in | Cisco | Asr 5700 | - | - | Safe |