Vulnerability Details : CVE-2018-0480
A vulnerability in the errdisable per VLAN feature of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause the device to crash, leading to a denial of service (DoS) condition. The vulnerability is due to a race condition that occurs when the VLAN and port enter an errdisabled state, resulting in an incorrect state in the software. An attacker could exploit this vulnerability by sending frames that trigger the errdisable condition. A successful exploit could allow the attacker to cause the affected device to crash, leading to a DoS condition.
Vulnerability category: Denial of service
Products affected by CVE-2018-0480
- cpe:2.3:o:cisco:ios_xe:3.6\(5\):*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-0480
- 0.11%: Probability of exploitation activity in the next 30 days
- ~43%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-0480
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.7 | MEDIUM | AV:A/AC:M/Au:N/C:N/I:N/A:C | 5.5 | 6.9 | NIST | |
6.1 | MEDIUM | CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H | 1.6 | 4.0 | NIST | |
CWE ids for CVE-2018-0480
- The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

Assigned by:
- nvd@nist.gov (Primary)
- ykramarz@cisco.com (Secondary)
References for CVE-2018-0480
- http://www.securityfocus.com/bid/105400
  Cisco IOS XE Software Errdisable CVE-2018-0480 Denial of Service Vulnerability (Third Party Advisory; VDB Entry)
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-errdisable
  Cisco IOS XE Software Errdisable Denial of Service Vulnerability (Vendor Advisory)
- http://www.securitytracker.com/id/1041737
  Cisco IOS/IOS XE Multiple Flaws Let Remote Users Cause the Target Device to Hang or Reload and Local Users Gain Elevated Privileges - SecurityTracker (Third Party Advisory; VDB Entry)