Main Vulnerability Database Vulnerabilities #VU11357

#VU11357 Resource exhaustion in Cisco IOS XE - CVE-2018-0165

Published: March 30, 2018

Vulnerability identifier: #VU11357

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2018-0165

CWE-ID: CWE-400

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vulnerable software:
Cisco IOS XE

Software vendor:
Cisco Systems, Inc

Description

The vulnerability allows an adjacent unauthenticated attacker to cause DoS condition on the target system.

The weakness exists in the Internet Group Management Protocol (IGMP) packet-processing functionality due to insufficiently processing of IGMP Membership Query packets. An adjacent attacker can send a large number of specially crafted IGMP Membership Query packets, trigger buffer exhaustion and cause the service to crash.

Remediation

Update to versions 16.7(0.83), 16.6(1.3), 16.6(0.244), 16.3.5b, 16.3.5, 16.3(4.60), 15.2(5.5.64)E, 15.2(5.5.63)E, 15.2(5.0.73)E, 15.2(5)E, 15.2(4)E3, 15.2(4)E2, 15.2(4)E1, 3.9(0)E or 3.8(1)E.

External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-igmp

#VU11357 Resource exhaustion in Cisco IOS XE - CVE-2018-0165

Description

Remediation

External links

Please verify you're human