CVE-2018-0171

{"id": "CVE-2018-0171", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": true, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2018-03-28T22:29:01.063", "references": [{"url": "http://www.securityfocus.com/bid/103538", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securitytracker.com/id/1040580", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}, {"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-04", "tags": ["Third Party Advisory", "US Government Resource"], "source": "ykramarz@cisco.com"}, {"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-05", "tags": ["Third Party Advisory", "US Government Resource"], "source": "ykramarz@cisco.com"}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi2", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "https://www.darkreading.com/perimeter/attackers-exploit-cisco-switch-issue-as-vendor-warns-of-yet-another-critical-flaw/d/d-id/1331490", "tags": ["Press/Media Coverage"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securityfocus.com/bid/103538", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id/1040580", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-04", "tags": ["Third Party Advisory", "US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-05", "tags": ["Third Party Advisory", "US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi2", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.darkreading.com/perimeter/attackers-exploit-cisco-switch-issue-as-vendor-warns-of-yet-another-critical-flaw/d/d-id/1331490", "tags": ["Press/Media Coverage"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "ykramarz@cisco.com", "description": [{"lang": "en", "value": "CWE-20"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition, or to execute arbitrary code on an affected device. The vulnerability is due to improper validation of packet data. An attacker could exploit this vulnerability by sending a crafted Smart Install message to an affected device on TCP port 4786. A successful exploit could allow the attacker to cause a buffer overflow on the affected device, which could have the following impacts: Triggering a reload of the device, Allowing the attacker to execute arbitrary code on the device, Causing an indefinite loop on the affected device that triggers a watchdog crash. Cisco Bug IDs: CSCvg76186."}, {"lang": "es", "value": "Una vulnerabilidad en la caracter\u00edstica Smart Install de Cisco IOS Software y Cisco IOS XE Software podr\u00eda permitir que un atacante remoto no autenticado desencadene la recarga de un dispositivo afectado. Esto resulta en una condici\u00f3n de denegaci\u00f3n de servicio (DoS) o en la ejecuci\u00f3n de c\u00f3digo arbitrario en un dispositivo afectado. Esta vulnerabilidad se debe a la validaci\u00f3n incorrecta de datos del paquete. Un atacante podr\u00eda explotar esta vulnerabilidad enviando un mensaje Smart Install manipulado al dispositivo afectado en el puerto TCP 4786. Su explotaci\u00f3n con \u00e9xito podr\u00eda permitir que el atacante provoque un desbordamiento de b\u00fafer en el dispositivo afectado, lo que podr\u00eda provocar los siguientes impactos: Desencadenar la recarga del dispositivo, permitir que el atacante ejecute c\u00f3digo arbitrario en el dispositivo, provocar un bucle impreciso en el dispositivo afectado que desencadene un cierre inesperado del watchdog. Cisco Bug IDs: CSCvg76186."}], "lastModified": "2024-11-21T03:37:39.277", "cisaActionDue": "2022-05-03", "cisaExploitAdd": "2021-11-03", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ios:15.2\\(5\\)e:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F112DE64-0042-4FB9-945D-3107468193E5"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "Cisco IOS and IOS XE Software Smart Install Remote Code Execution Vulnerability"}