TROYANOSYVIRUS
Volver a CVEs

CVE-2018-0155

HIGHCISA KEV
8.6

Descripcion

A vulnerability in the Bidirectional Forwarding Detection (BFD) offload implementation of Cisco Catalyst 4500 Series Switches and Cisco Catalyst 4500-X Series Switches could allow an unauthenticated, remote attacker to cause a crash of the iosd process, causing a denial of service (DoS) condition. The vulnerability is due to insufficient error handling when the BFD header in a BFD packet is incomplete. An attacker could exploit this vulnerability by sending a crafted BFD message to or across an affected switch. A successful exploit could allow the attacker to trigger a reload of the system. This vulnerability affects Catalyst 4500 Supervisor Engine 6-E (K5), Catalyst 4500 Supervisor Engine 6L-E (K10), Catalyst 4500 Supervisor Engine 7-E (K10), Catalyst 4500 Supervisor Engine 7L-E (K10), Catalyst 4500E Supervisor Engine 8-E (K10), Catalyst 4500E Supervisor Engine 8L-E (K10), Catalyst 4500E Supervisor Engine 9-E (K10), Catalyst 4500-X Series Switches (K10), Catalyst 4900M Switch (K5), Catalyst 4948E Ethernet Switch (K5). Cisco Bug IDs: CSCvc40729.

Detalles CVE

Puntuacion CVSS v3.18.6
SeveridadHIGH
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado3/28/2018
Ultima modificacion1/13/2026
Fuentekev
Avistamientos honeypot0

CISA KEV

VendedorCisco
ProductoCatalyst 4500 Series Switches and Cisco Catalyst 4500-X Series Switches
Nombre vulnerabilidadCisco Catalyst Bidirectional Forwarding Detection Denial-of-Service Vulnerability
Fecha inclusion KEV2022-03-03
Fecha limite remediacion2022-03-17
Uso en ransomwareUnknown

Productos afectados

cisco:catalyst_4500-x_series_switches_\(k10\)cisco:catalyst_4500_supervisor_engine_6-e_\(k5\)cisco:catalyst_4500_supervisor_engine_6l-e_\(k10\)cisco:catalyst_4500_supervisor_engine_7-e_\(k10\)cisco:catalyst_4500_supervisor_engine_7l-e_\(k10\)cisco:catalyst_4500e_supervisor_engine_8-e_\(k10\)cisco:catalyst_4500e_supervisor_engine_8l-e_\(k10\)cisco:catalyst_4500e_supervisor_engine_9-e_\(k10\)cisco:catalyst_4900m_switch_\(k5\)cisco:catalyst_4948e_ethernet_switch_\(k5\)cisco:ioscisco:ios_xerockwellautomation:allen-bradley_stratix_8300_industrial_managed_ethernet_switch

Debilidades (CWE)

CWE-388CWE-755

Referencias

http://www.securityfocus.com/bid/103565(psirt@cisco.com)
http://www.securitytracker.com/id/1040587(psirt@cisco.com)
https://ics-cert.us-cert.gov/advisories/ICSA-18-107-05(psirt@cisco.com)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-bfd(psirt@cisco.com)
http://www.securityfocus.com/bid/103565(af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1040587(af854a3a-2127-422b-91ae-364da2661108)
https://ics-cert.us-cert.gov/advisories/ICSA-18-107-05(af854a3a-2127-422b-91ae-364da2661108)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-bfd(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-0155(134c704f-9b21-4f2e-91b3-4a467353bcc0)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.