Vulnerability Details : CVE-2018-0257
A vulnerability in Cisco IOS XE Software running on Cisco cBR Series Converged Broadband Routers could allow an unauthenticated, adjacent attacker to cause high CPU usage on an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to the incorrect handling of certain DHCP packets. An attacker could exploit this vulnerability by sending certain DHCP packets to a specific segment of an affected device. A successful exploit could allow the attacker to increase CPU usage on the affected device and cause a DoS condition. Cisco Bug IDs: CSCvg73687.
Vulnerability category: Denial of service
Products affected by CVE-2018-0257
- cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xe:15.6\(2\)sp:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xe:16.5:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xe:16.4:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-0257
0.09%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 39 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-0257
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
3.3
|
LOW | AV:A/AC:L/Au:N/C:N/I:N/A:P |
6.5
|
2.9
|
NIST | |
4.3
|
MEDIUM | CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
2.8
|
1.4
|
NIST |
CWE ids for CVE-2018-0257
-
Assigned by: ykramarz@cisco.com (Secondary)
References for CVE-2018-0257
-
http://www.securitytracker.com/id/1040716
Cisco IOS XE on cBR Converged Broadband Routers DHCP Processing Flaw Lets Remote Users Consume Excessive CPU Resources on the Target System - SecurityTrackerThird Party Advisory;VDB Entry
-
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-cbr8
Cisco cBR Series Converged Broadband Routers High CPU Usage Denial of Service VulnerabilityVendor Advisory
-
http://www.securityfocus.com/bid/103948
Cisco cBR Series Converged Broadband Routers CVE-2018-0257 Denial of Service VulnerabilityThird Party Advisory;VDB Entry
Jump to