Category:   Device (Router/Bridge/Hub)  >   Cisco IOS
Vendors:   Cisco
Cisco IOS/IOS XE Multiple Flaws Let Remote Users Cause the Target Device to Hang or Reload and Local Users Gain Elevated Privileges
SecurityTracker Alert ID:  1041737
SecurityTracker URL:  http://securitytracker.com/id/1041737
CVE Reference:   CVE-2018-0466, CVE-2018-0467, CVE-2018-0469, CVE-2018-0470, CVE-2018-0471, CVE-2018-0472, CVE-2018-0473, CVE-2018-0475, CVE-2018-0476, CVE-2018-0477, CVE-2018-0480, CVE-2018-0481, CVE-2018-0485
Date:  Sep 28 2018
Impact:   Denial of service via network, Execution of arbitrary code via local system, Root access via local system
Fix Available:  Yes
Vendor Confirmed:  Yes

Description:   Multiple vulnerabilities were reported in Cisco IOS and IOS XE. A remote user can cause the target service to hang or reload. A local user can gain elevated privileges.

A remote user can send specially crafted Cisco Discovery Protocol (CDP) packets to an adjacent target device to trigger a memory leak, eventually causing a memory allocation error and a crash of the target device [CVE-2018-0471].

Cisco IOS XE versions 16.6.1 and 16.6.2 are affected.

The vendor has assigned bug ID CSCvf50648 to this vulnerability.

A remote user can send a specially crafted Cluster Management Protocol (CMP) message to cause the target device to crash and reload or hang [CVE-2018-0475]. A manual reboot may be required to return the system to normal operations.

The vendor has assigned bug ID CSCvg48576 to this vulnerability.

A remote user can send specially crafted data to trigger a race condition between a VLAN and port when entering an 'errdisabled' state, causing the target IOS XE device to crash [CVE-2018-0480].

Cisco Catalyst 3650, 3850, and 4500E series switches are affected when the errdisable feature is enabled for a feature at both the VLAN and port level.

The vendor has assigned bug ID CSCvh13611 to this vulnerability.

A local user with privilege level 15 (EXEC mode) can send specially crafted command line interface commands to trigger an input validation flaw and execute arbitrary Linux operating system commands on the target IOS XE system with root privileges [CVE-2018-0477, CVE-2018-0481].

The vendor has assigned bug IDs CSCvh02919 and CSCvh54202 to these vulnerabilities.

A remote user can send specially crafted IPv6 hop-by-hop options to or through the target device to cause the device to reload [CVE-2018-0467].

The vendor has assigned bug ID CSCuz28570 to this vulnerability.

A remote user can send specially crafted Precision Time Protocol (PTP) data to or through the target IOS device to trigger a synchronization error and cause denial of service conditions [CVE-2018-0473].

The Cisco 2500 Series Connected Grid Switches, Cisco Connected Grid Ethernet Switch Module Interface Card, and the Industrial Ethernet 2000, 2000U, 3000, 2010, 4000, 4010, and 5000 Series Switches are affected.

The vendor has assigned bug IDs CSCvf94015 and CSCvh77659 to this vulnerability.

A remote user can send specially crafted HTTP packets to the target device to trigger a buffer overflow and cause denial of service conditions [CVE-2018-0470].

Systems running the HTTP Server feature are affected.

The vendor has assigned bug ID CSCvb22618 to this vulnerability.

A remote user with access to the management interface can send specially crafted HTTP requests to the target web user interface to trigger a double-free memory error and cause the target device to crash [CVE-2018-0469]. IOS XE versions 16.2.2 and later require authentication to exploit.

Cisco Catalyst 3650 and 3850 series devices are affected if the HTTP Server feature is enabled.

The vendor has assigned bug ID CSCva31961 to this vulnerability.

A remote user can send specially crafted IPsec Authentication Header (AH) or Encapsulating Security Payload (ESP) packets to cause the target system to crash [CVE-2018-0472].

The vendor has assigned bug IDs CSCvf73114, CSCvg37952, CSCvh04189, CSCvh04591, and CSCvi30496 to this vulnerability.

A remote user can send specially crafted Open Shortest Path First version 3 (OSPFv3) Link-State Advertisements (LSA) data to cause the target device to reload [CVE-2018-0466].

The vendor has assigned bug ID CSCuy82806 to this vulnerability.

Dmitry Kuznetsov of Digital Security reported one vulnerability.

Impact:   A remote user can cause the target device to crash or reload.

A local user can obtain root privileges on the target device.

Solution:   The vendor has issued a fix.

The vendor's advisory is available at:

https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-69981

The vendor's individual advisories are available at:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-cmp
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-ipv6hbh
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-ospfv3-dos
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-sm1t3e3
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-ptp
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-ipsec
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-cdp-memleak
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-iosxe-cmdinj
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-errdisable
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-webdos
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-sip-alg
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-webuidos

Vendor URL:  tools.cisco.com/security/center/viewErp.x?alertId=ERP-69981
Cause:   Access control error, Input validation error, State error

Message History:   None.



Copyright 2018, SecurityGlobal.net LLC