Main Vulnerability Database Vulnerabilities #VU11361

#VU11361 Improper input validation in Cisco IOS XE - CVE-2018-0174

Published: March 30, 2018 / Updated: March 8, 2022

Vulnerability identifier: #VU11361

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:A/U:Green

CVE-ID: CVE-2018-0174

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: The vulnerability is being exploited in the wild

Vulnerable software:
Cisco IOS XE

Software vendor:
Cisco Systems, Inc

Description

The vulnerability allows a remote unauthenticated attacker to cause DoS condition on the target system.

The weakness exists in the DHCP option 82 encapsulation functionality due to incomplete input validation of option 82 information that it receives in DHCP Version 4 (DHCPv4) packets from DHCP relay agents. A remote attacker can send a specially crafted DHCPv4 packet and cause the service to crash.

Remediation

Update to versions 15.3(3)S2, 15.2(4)S5, 12.2(33)SRE10, 15.4(1)S0e, 15.4(1)S, 15.4(1.9.1)XEB, 15.4(1.8)S, 15.3(3)S2t, 15.3(3)S2a, 15.3(3)S1.4, 15.2(6)E1, 15.2(6.5.9i)E1, 15.2(6.4.85i)E1, 15.2(4.7.5)EA7, 15.0(1.9.1)SQD8 or 12.2(60)EZ13.

External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-dhcpr3

#VU11361 Improper input validation in Cisco IOS XE - CVE-2018-0174

Description

Remediation

External links

Please verify you're human