CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
---|---|---|
5.1 | $0-$5k | 0.00 |
A vulnerability, which was classified as problematic, was found in Cisco IOS XE (Router Operating System) (the affected version unknown). This affects an unknown part of the component VLAN. The manipulation with an unknown input leads to a race condition vulnerability. CWE is classifying the issue as CWE-362. The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently. This is going to have an impact on availability. The summary by CVE is:
A vulnerability in the errdisable per VLAN feature of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause the device to crash, leading to a denial of service (DoS) condition. The vulnerability is due to a race condition that occurs when the VLAN and port enter an errdisabled state, resulting in an incorrect state in the software. An attacker could exploit this vulnerability by sending frames that trigger the errdisable condition. A successful exploit could allow the attacker to cause the affected device to crash, leading to a DoS condition.
The bug was discovered 09/26/2018. The weakness was shared 10/05/2018 as cisco-sa-20180926-errdisable as confirmed advisory (Website). The advisory is shared at tools.cisco.com. This vulnerability is uniquely identified as CVE-2018-0480 since 11/26/2017. The attack needs to be done within the local network. No form of authentication is needed for exploitation. Neither technical details nor an exploit are publicly available.
The vulnerability scanner Nessus provides a plugin with the ID 117946 (Cisco IOS XE Software Errdisable Vulnerabilities (cisco-sa-20180926-errdisable)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family CISCO and running in the context l. The commercial vulnerability scanner Qualys is able to test this issue with plugin 316328 (Cisco IOS XE Software Errdisable Denial of Service Vulnerability(cisco-sa-20180926-errdisable)).
Upgrading eliminates this vulnerability. A possible mitigation has been published even before and not after the disclosure of the vulnerability.
The vulnerability is also documented in the vulnerability database at Tenable (117946). The entries 124870, 124868 and 124867 are related to this item.
Product
Type
Vendor
Name
License
CPE 2.3
CPE 2.2
CVSSv4
VulDB CVSS-B Score: 🔍VulDB CVSS-BT Score: 🔍
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 5.2VulDB Meta Temp Score: 5.1
VulDB Base Score: 4.3
VulDB Temp Score: 4.1
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 6.1
NVD Vector: 🔍
CVSSv2
AV | AC | Au | C | I | A |
---|---|---|---|---|---|
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
---|---|---|---|---|---|
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Race conditionCWE: CWE-362
CAPEC: 🔍
ATT&CK: 🔍
Local: No
Remote: Partially
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
0-Day | unlock | unlock | unlock | unlock |
---|---|---|---|---|
Today | unlock | unlock | unlock | unlock |
Nessus ID: 117946
Nessus Name: Cisco IOS XE Software Errdisable Vulnerabilities (cisco-sa-20180926-errdisable)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Context: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Timeline
11/26/2017 🔍09/26/2018 🔍
09/26/2018 🔍
09/26/2018 🔍
10/05/2018 🔍
10/05/2018 🔍
10/05/2018 🔍
10/06/2018 🔍
05/22/2023 🔍
Sources
Vendor: cisco.comAdvisory: cisco-sa-20180926-errdisable
Status: Confirmed
CVE: CVE-2018-0480 (🔍)
OVAL: 🔍
SecurityTracker: 1041737
SecurityFocus: 105400 - Cisco IOS XE Software Errdisable CVE-2018-0480 Denial of Service Vulnerability
scip Labs: https://www.scip.ch/en/?labs.20150108
See also: 🔍
Entry
Created: 10/06/2018 10:53Updated: 05/22/2023 13:40
Changes: 10/06/2018 10:53 (72), 03/30/2020 12:02 (4), 05/22/2023 13:40 (4)
Complete: 🔍
No comments yet. Languages: en.
Please log in to comment.