![]() ![]() The vulnerability exists because the affected software performs incomplete input validation of option 82 information that it receives in DHCP Version 4 (DHCPv4) packets from DHCP relay agents. 3.2.3 IMPROPER INPUT VALIDATION CWE-20Ī vulnerability in the DHCP option 82 encapsulation functionality of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated remote attacker to cause an affected device to reload, resulting in a DoS condition. A CVSS v3 base score of 8.6 has been calculated the CVSS vector string is ( AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H). An attacker could exploit this vulnerability by sending a crafted packet to an affected device on TCP port 4786.ĬVE-2018-0156 has been assigned to this vulnerability. The vulnerability is due to improper validation of packet data. 3.2.2 RESOURCE MANAGEMENT ERRORS CWE-399Ī vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated remote attacker to trigger a reload of an affected device, resulting in a DoS condition. A CVSS v3 base score of 9.8 has been calculated the CVSS vector string is ( AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). A successful exploit could allow the attacker to cause a buffer overflow on the affected device.ĬVE-2018-0171 has been assigned to this vulnerability. An attacker could exploit this vulnerability by sending a crafted Smart Install message to an affected device on TCP port 4786. ![]() 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER INPUT VALIDATION CWE-20Ī vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition, or to execute arbitrary code on an affected device. Updates for all affected products are now available and linked in the Mitigation section below.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |