Improper input validation in Cisco ASR 5000 Series - CVE-2018-0239
Published: April 20, 2018
Vulnerability identifier: #VU12067
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2018-0239
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco ASR 5000 Series
Cisco ASR 5000 Series
Detailed vulnerability description
The vulnerability allows a remote unauthenticated attacker to cause DoS condition on the target system.
The weakness exists in the egress packet processing functionality due to the failure to properly check that the length of a packet to transmit does not exceed the maximum supported length of the network interface card (NIC). A remote attacker can send a specially crafted IP packet or a series of specially crafted IP fragments through an interface, cause the network interface to cease forwarding packets by either IPv4 or IPv6 network traffic.
The weakness exists in the egress packet processing functionality due to the failure to properly check that the length of a packet to transmit does not exceed the maximum supported length of the network interface card (NIC). A remote attacker can send a specially crafted IP packet or a series of specially crafted IP fragments through an interface, cause the network interface to cease forwarding packets by either IPv4 or IPv6 network traffic.
How to mitigate CVE-2018-0239
Update to versions 21.4.M0.67801, 21.4.M0.67798, 21.4.M0.67671, 21.4.D0.67805, 21.4.D0.67675, 21.4.C0.68000, 21.4.0.68051, 21.4.0, 21.3.1.67739, 21.3.1, 21.1.v6.67740, 21.1.v6, 21.0.v4.67670 or 21.0.v4.