CVE-2018-15428

{"id": "CVE-2018-15428", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 6.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 4.0, "exploitabilityScore": 2.2}]}, "published": "2018-10-05T14:29:11.543", "references": [{"url": "http://www.securitytracker.com/id/1041790", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-iosxr-dos", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}, {"type": "Secondary", "source": "ykramarz@cisco.com", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the implementation of Border Gateway Protocol (BGP) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of certain BGP update messages. An attacker could exploit this vulnerability by sending BGP update messages that include a specific, malformed attribute to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit this vulnerability, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim's BGP network on an existing, valid TCP connection to a BGP peer."}, {"lang": "es", "value": "Una vulnerabilidad en la implementaci\u00f3n de la funcionalidad Border Gateway Protocol (BGP) de Cisco IOS XR Software podr\u00eda permitir que un atacante remoto no autenticado provoque una condici\u00f3n de denegaci\u00f3n de servicio (DoS). Esta vulnerabilidad se debe a un procesamiento incorrecto de ciertos mensajes de actualizaci\u00f3n BGP. Un atacante podr\u00eda explotar esta vulnerabilidad enviando mensajes de actualizaci\u00f3n BGP que incluyen un atributo espec\u00edfico mal formado para que sea procesado por un sistema afectado. Su explotaci\u00f3n con \u00e9xito podr\u00eda permitir que el atacante haga que el proceso BGP se reinicie inesperadamente, resultando en una denegaci\u00f3n de servicio (DoS). La implementaci\u00f3n de Cisco de BGP acepta el tr\u00e1fico BGP entrante solo desde peers definidos de forma expl\u00edcita. Para explotar esta vulnerabilidad, el mensaje de actualizaci\u00f3n BGP malicioso necesitar\u00eda provenir de un peer BGP v\u00e1lido y configurado o, por otro lado, necesitar\u00eda ser inyectado por el atacante4 en la red BGP de la v\u00edctima en una conexi\u00f3n existente TCP v\u00e1lida a un peer BGP."}], "lastModified": "2019-10-09T23:35:36.250", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ios_xr:6.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A9BE8485-444F-45E2-BBBB-B69BF322FEB7"}, {"criteria": "cpe:2.3:o:cisco:ios_xr:6.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F87B6885-A267-439B-AE04-CBD950BEC205"}, {"criteria": "cpe:2.3:o:cisco:ios_xr:6.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "52CC4093-80C1-4B0C-82D2-647C625FF42D"}, {"criteria": "cpe:2.3:o:cisco:ios_xr:6.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0235F415-F327-4914-8E2A-96334984797D"}, {"criteria": "cpe:2.3:o:cisco:ios_xr:6.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D093D77E-66E3-4659-820E-F7E03A51A83C"}, {"criteria": "cpe:2.3:o:cisco:ios_xr:6.1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FC06F7E7-D67F-4C91-B545-F7EB62858BA5"}, {"criteria": "cpe:2.3:o:cisco:ios_xr:6.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "27A732BF-A723-48EA-AC0F-813CA5A2DB0F"}, {"criteria": "cpe:2.3:o:cisco:ios_xr:6.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F517C60E-4580-486E-9A03-82A023755374"}, {"criteria": "cpe:2.3:o:cisco:ios_xr:6.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "370F74EC-829D-4574-BE7D-85700E15C433"}, {"criteria": "cpe:2.3:o:cisco:ios_xr:6.4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A29F9DD0-2FA4-463C-BF53-CFE351CB94DE"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:asr_9001:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "324C97E6-1810-404F-9F45-6240F99FF039"}, {"criteria": "cpe:2.3:h:cisco:asr_9006:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "57EB55BB-41B7-40A1-B6F5-142FE8AB4C16"}, {"criteria": "cpe:2.3:h:cisco:asr_9010:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "433F4A82-04A4-4EAA-8C19-F7581DCD8D29"}, {"criteria": "cpe:2.3:h:cisco:asr_9901:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2D5E60AB-94FF-448A-89D8-5D2197E21C74"}, {"criteria": "cpe:2.3:h:cisco:asr_9904:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A93212A4-50AB-42E7-89A4-5FBBAEA050C3"}, {"criteria": "cpe:2.3:h:cisco:asr_9906:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EDA53A61-98B3-458C-8893-61CD7D6B1E48"}, {"criteria": "cpe:2.3:h:cisco:asr_9910:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F396564E-B477-4A27-A189-CEB737552E25"}, {"criteria": "cpe:2.3:h:cisco:asr_9912:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5445CC54-ACFB-4070-AF26-F91FEAA85181"}, {"criteria": "cpe:2.3:h:cisco:asr_9922:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D7AA58E5-D7E1-48CF-93FF-C60EB85B2BC7"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ykramarz@cisco.com"}