| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 6.9 | $5k-$25k | 0.00 |
Summary
A vulnerability described as problematic has been identified in Cisco IOS and IOS XE. The affected element is an unknown function of the component DHCP Relay. The manipulation as part of Packet results in input validation. This vulnerability is identified as CVE-2018-0174. The attack can be executed remotely. Additionally, an exploit exists. Applying restrictive firewalling is recommended.
Details
A vulnerability, which was classified as problematic, was found in Cisco IOS and IOS XE (Router Operating System) (unknown version). Affected is an unknown code block of the component DHCP Relay. The manipulation as part of a Packet leads to a input validation vulnerability. CWE is classifying the issue as CWE-20. The product receives input or data, but it does
not validate or incorrectly validates that the input has the
properties that are required to process the data safely and
correctly. This is going to have an impact on availability. CVE summarizes:
A vulnerability in the DHCP option 82 encapsulation functionality of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software performs incomplete input validation of option 82 information that it receives in DHCP Version 4 (DHCPv4) packets from DHCP relay agents. An attacker could exploit this vulnerability by sending a crafted DHCPv4 packet to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Cisco Bug IDs: CSCuh91645.
The bug was discovered 03/28/2018. The weakness was released 03/28/2018 as cisco-sa-20180328-dhcpr3 as confirmed advisory (Website). The advisory is shared for download at tools.cisco.com. This vulnerability is traded as CVE-2018-0174 since 11/27/2017. It is possible to launch the attack remotely. The exploitation doesn't require any form of authentication. Technical details are unknown but an exploit is available. The current price for an exploit might be approx. USD $5k-$25k (estimation calculated on 09/09/2024).
It is declared as attacked. The vulnerability scanner Nessus provides a plugin with the ID 109088 (Cisco IOS DHCP Multiple Vulnerabilities), which helps to determine the existence of the flaw in a target environment. It is assigned to the family CISCO and running in the context l. The commercial vulnerability scanner Qualys is able to test this issue with plugin 316219 (Cisco IOS and IOS XE Software DHCP Version 4 Relay Denial of Service Vulnerability(cisco-sa-20180328-dhcpr3)). This issue was added on 03/03/2022 to the CISA Known Exploited Vulnerabilities Catalog with a due date of 03/17/2022:
Apply updates per vendor instructions.It is possible to mitigate the weakness by firewalling . A possible mitigation has been published immediately after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at Tenable (109088) and SecurityFocus (BID 103554†). Entries connected to this vulnerability are available at VDB-115174 and VDB-115175. VulDB is the best source for vulnerability data and more expert information about this specific topic.
Product
Type
Vendor
Name
License
Website
- Vendor: https://www.cisco.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 6.9VulDB Meta Temp Score: 6.9
VulDB Base Score: 5.3
VulDB Temp Score: 5.2
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 8.6
NVD Vector: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Input validationCWE: CWE-20
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Attacked
EPSS Score: 🔍
EPSS Percentile: 🔍
KEV Added: 🔍
KEV Due: 🔍
KEV Remediation: 🔍
KEV Ransomware: 🔍
KEV Notice: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 109088
Nessus Name: Cisco IOS DHCP Multiple Vulnerabilities
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Context: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: FirewallStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Timeline
11/27/2017 🔍03/28/2018 🔍
03/28/2018 🔍
03/28/2018 🔍
03/28/2018 🔍
03/28/2018 🔍
03/29/2018 🔍
04/17/2018 🔍
09/09/2024 🔍
Sources
Vendor: cisco.comAdvisory: cisco-sa-20180328-dhcpr3
Researcher: Tenable
Status: Confirmed
Confirmation: 🔍
CVE: CVE-2018-0174 (🔍)
GCVE (CVE): GCVE-0-2018-0174
GCVE (VulDB): GCVE-100-115176
OVAL: 🔍
SecurityFocus: 103554 - Cisco IOS and IOS XE Software CVE-2018-0174 Denial of Service Vulnerability
SecurityTracker: 1040591
scip Labs: https://www.scip.ch/en/?labs.20150108
See also: 🔍
Entry
Created: 03/29/2018 09:14Updated: 09/09/2024 22:29
Changes: 03/29/2018 09:14 (73), 01/17/2020 17:59 (5), 02/06/2021 12:17 (3), 02/06/2021 12:23 (1), 04/23/2024 16:57 (27), 07/24/2024 16:24 (1), 09/09/2024 22:29 (1)
Complete: 🔍
Cache ID: 216::103
VulDB is the best source for vulnerability data and more expert information about this specific topic.
No comments yet. Languages: en.
Please log in to comment.