Memory leak in Cisco Carrier Routing System - CVE-2018-0241
Published: April 18, 2018 / Updated: April 20, 2018
Vulnerability identifier: #VU12070
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-0241
CWE-ID: CWE-401
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco Carrier Routing System
Cisco Carrier Routing System
Detailed vulnerability description
The vulnerability allows an adjacent unauthenticated attacker to cause DoS condition on the target system.
The weakness exists due to improper handling of UDP broadcast packets that are forwarded to an IPv4 helper address. An adjacent attacker can send multiple UDP broadcast packets, trigger buffer leak and cause the service to crash.
How to mitigate CVE-2018-0241
Update to versions 6.2.3, 6.1.4, 5.3.4, 6.5.1.13i.FWDG, 6.5.1.13i, 6.4.2.1i.FWDG, 6.4.2.1i, 6.4.1.38i.FWDG, 6.4.1.38i, 6.3.3.2i.FWDG, 6.3.3.2i, 6.3.2.35i.FWDG, 6.3.2.35i or 6.1.42.28i.