Denial of service in Cisco ASR 5000 Series



Published: 2018-04-24
Risk: Medium
Patch available: YES
Number of vulnerabilities: 3
CVE-ID: CVE-2018-0273, CVE-2018-0239, CVE-2018-0256
CWE-ID: CWE-399, CWE-20
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: Cisco ASR 5000 Series (Hardware solutions / Firmware)
Vendor: Cisco Systems, Inc

Security Bulletin

This security bulletin contains information about 3 vulnerabilities.

1) Resource management errors

EUVDB-ID: #VU12065

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-0273

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a remote unauthenticated attacker to cause a DoS condition on the target system.

The weakness exists due to improper processing of corrupted Internet Key Exchange Version 2 (IKEv2) messages. A remote attacker can send specially crafted IKEv2 messages and trigger the ipsecmgr service to reload, causing all IPsec VPN tunnels to be terminated, preventing new tunnels from being established, and causing the service to crash.

Mitigation

Update to versions 21.2.6, 21.4.M0.67792, 21.4.D0.67794, 21.4.C0.68000, 21.4.A0.67168, 21.4.A0.67147, 21.4.0, 21.4.0.68051, 21.3.a0.68015, 21.3.M0.67158, 21.3.M0.67139, 21.3.J0.67155, 21.3.J0.67141 or 21.2.6.67773.

Vulnerable software versions

Cisco ASR 5000 Series: 19.4.2.65120 - 21.4.0

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-starosasr


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper input validation

EUVDB-ID: #VU12067

Risk: Medium

CVSSv3.1: 7.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-0239

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote unauthenticated attacker to cause a DoS condition on the target system.

The weakness exists in the egress packet processing functionality, which fails to properly check that the length of a packet to transmit does not exceed the maximum supported length of the network interface card (NIC). A remote attacker can send a specially crafted IP packet or a series of specially crafted IP fragments through an interface and cause the network interface to cease forwarding packets. This can be triggered by either IPv4 or IPv6 network traffic.

Mitigation

Update to versions 21.4.M0.67801, 21.4.M0.67798, 21.4.M0.67671, 21.4.D0.67805, 21.4.D0.67675, 21.4.C0.68000, 21.4.0.68051, 21.4.0, 21.3.1.67739, 21.3.1, 21.1.v6.67740, 21.1.v6, 21.0.v4.67670 or 21.0.v4.

Vulnerable software versions

Cisco ASR 5000 Series: 21.0.V0.65819 - 21.4.0

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-staros


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Improper input validation

EUVDB-ID: #VU12068

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-0256

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote unauthenticated attacker to cause a DoS condition on the target system.

The weakness exists in the peer-to-peer message processing functionality due to incorrect validation of peer-to-peer packet headers. A remote attacker can send a specially crafted peer-to-peer packet and trigger the SESSMGR process to restart unexpectedly, which can briefly impact traffic while the SESSMGR process restarts, and cause the service to crash.

Mitigation

Update to versions P2P_2.21, P2P_2.20.896, P2P_2.20.894, P2P_2.19.895, P2P_2.19.892 or P2P_2.19.

Vulnerable software versions

Cisco ASR 5000 Series: 20.3.0.66671 - P2P_2.16.879

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-pdng


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


