Denial of service in Cisco cBR Series Converged Broadband Routers
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2018-0257 |
| CWE-ID | CWE-400 |
| Exploitation vector | Local network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Cisco cBR Series Converged Broadband Routers Hardware solutions / Routers & switches, VoIP, GSM, etc |
| Vendor | Cisco Systems, Inc |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Resource exhaustion
EUVDB-ID: #VU12085
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-0257
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionA vulnerability allows an adjacent unauthenticated attacker to cause DoS condition on the target system.
The weakness exists due to the incorrect handling of certain DHCP packets. An adjacent attacker can send certain DHCP packets to a specific segment, increase CPU usage and cause the service to crash.
Update to versions 16.8(0.109), 16.7(1.34) or 16.6(2.36).
Vulnerable software versionsCisco cBR Series Converged Broadband Routers: 15.6.2 SP
External linkshttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-cbr8
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
