Vulnerability Details : CVE-2018-0155
A vulnerability in the Bidirectional Forwarding Detection (BFD) offload implementation of Cisco Catalyst 4500 Series Switches and Cisco Catalyst 4500-X Series Switches could allow an unauthenticated, remote attacker to cause a crash of the iosd process, causing a denial of service (DoS) condition. The vulnerability is due to insufficient error handling when the BFD header in a BFD packet is incomplete. An attacker could exploit this vulnerability by sending a crafted BFD message to or across an affected switch. A successful exploit could allow the attacker to trigger a reload of the system. This vulnerability affects Catalyst 4500 Supervisor Engine 6-E (K5), Catalyst 4500 Supervisor Engine 6L-E (K10), Catalyst 4500 Supervisor Engine 7-E (K10), Catalyst 4500 Supervisor Engine 7L-E (K10), Catalyst 4500E Supervisor Engine 8-E (K10), Catalyst 4500E Supervisor Engine 8L-E (K10), Catalyst 4500E Supervisor Engine 9-E (K10), Catalyst 4500-X Series Switches (K10), Catalyst 4900M Switch (K5), Catalyst 4948E Ethernet Switch (K5). Cisco Bug IDs: CSCvc40729.
Vulnerability category: Denial of service
Products affected by CVE-2018-0155
- cpe:2.3:o:cisco:ios:3.6\(2\)e:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xe:3.6\(2\)e:*:*:*:*:*:*:*
CVE-2018-0155 is in the CISA Known Exploited Vulnerabilities Catalog
CISA vulnerability name:
Cisco Catalyst Bidirectional Forwarding Detection Denial-of-Service Vulnerability
CISA required action:
Apply updates per vendor instructions.
CISA description:
A vulnerability in the Bidirectional Forwarding Detection (BFD) offload implementation of Cisco Catalyst 4500 Series Switches and Cisco Catalyst 4500-X Series Switches could allow an unauthenticated, remote attacker to cause a crash of the iosd process, causing a denial-of-service (DoS) condition.
Notes:
https://nvd.nist.gov/vuln/detail/CVE-2018-0155
Added on
2022-03-03
Action due date
2022-03-17
Exploit prediction scoring system (EPSS) score for CVE-2018-0155
0.62%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 79 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-0155
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.8
|
HIGH | AV:N/AC:L/Au:N/C:N/I:N/A:C |
10.0
|
6.9
|
NIST | |
8.6
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H |
3.9
|
4.0
|
NIST |
CWE ids for CVE-2018-0155
-
Assigned by: ykramarz@cisco.com (Secondary)
-
The product does not handle or incorrectly handles an exceptional condition.Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-0155
-
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-bfd
Cisco IOS and IOS XE Software Bidirectional Forwarding Detection Denial of Service VulnerabilityVendor Advisory
-
http://www.securityfocus.com/bid/103565
Cisco IOS and IOS XE Software CVE-2018-0155 Denial of Service VulnerabilityThird Party Advisory;VDB Entry
-
https://ics-cert.us-cert.gov/advisories/ICSA-18-107-05
Rockwell Automation Stratix Industrial Managed Ethernet Switch | CISAThird Party Advisory;US Government Resource
-
http://www.securitytracker.com/id/1040587
Cisco Catalyst 4500 and 4500-X Series Switches Bidirectional Forwarding Detection Error Handling Bug Lets Remote Users Cause the Target 'iosd' Service to Crash - SecurityTrackerThird Party Advisory;VDB Entry
Jump to