Improper input validation in Cisco Systems, Inc products - CVE-2018-0136
Published: February 1, 2018 / Updated: February 1, 2018
Vulnerability identifier: #VU10339
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2018-0136
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco ASR 9922 Router
Cisco ASR 9912 Router
Cisco ASR 9001 Router
Cisco ASR 9006 Router
Cisco ASR 9904 Router
Cisco ASR 9010 Router
Cisco ASR 9000 Series Aggregation Services Routers
Cisco ASR 9922 Router
Cisco ASR 9912 Router
Cisco ASR 9001 Router
Cisco ASR 9006 Router
Cisco ASR 9904 Router
Cisco ASR 9010 Router
Cisco ASR 9000 Series Aggregation Services Routers
Detailed vulnerability description
The vulnerability allows a remote attacker to cause DoS condition no the target system.
The vulnerability exists in the IPv6 subsystem due to incorrect handling of IPv6 packets with a fragment header extension. A remote attacker can send specially crafted IPv6 packets designed to trigger the issue either to or through the Trident-based line card and cause the Trident-based line cards to reload during the period of time the line card takes to restart.
Successful exploitation of the vulnerability results in denial of service.
How to mitigate CVE-2018-0136
Update to version 5.3.4.