Resource exhaustion in Cisco cBR Series Converged Broadband Routers - CVE-2018-0257
Published: April 23, 2018
Vulnerability identifier: #VU12085
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-0257
CWE-ID: CWE-400
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco cBR Series Converged Broadband Routers
Cisco cBR Series Converged Broadband Routers
Detailed vulnerability description
A vulnerability allows an adjacent unauthenticated attacker to cause DoS condition on the target system.
The weakness exists due to the incorrect handling of certain DHCP packets. An adjacent attacker can send certain DHCP packets to a specific segment, increase CPU usage and cause the service to crash.
The weakness exists due to the incorrect handling of certain DHCP packets. An adjacent attacker can send certain DHCP packets to a specific segment, increase CPU usage and cause the service to crash.
How to mitigate CVE-2018-0257
Update to versions 16.8(0.109), 16.7(1.34) or 16.6(2.36).