Sign-up

ID

VAR-201802-0602


CVE

CVE-2018-0137


TITLE

Cisco Prime Network Resource management vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-002212

DESCRIPTION

A vulnerability in the TCP throttling process of Cisco Prime Network could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient rate limiting protection for TCP listening ports. An attacker could exploit this vulnerability by sending the affected device a high rate of TCP SYN packets to the local IP address of the targeted application. A successful exploit could allow the attacker to cause the device to consume a high amount of memory and become slow, or to stop accepting new TCP connections to the application. Cisco Bug IDs: CSCvg48152. Cisco Prime Network Contains a resource management vulnerability. Vendors have confirmed this vulnerability Bug ID CSCvg48152 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. An attacker can exploit this issue to cause a denial-of-service condition; denying service to legitimate users

Trust: 1.98

sources: NVD: CVE-2018-0137 // JVNDB: JVNDB-2018-002212 // BID: 102955 // VULHUB: VHN-118339

AFFECTED PRODUCTS

vendor:ciscomodel:prime networkscope:eqversion:4.3\(0.0\)pp6

Trust: 1.6

vendor:ciscomodel:prime networkscope:eqversion:4.3\(2.0\)pp1

Trust: 1.6

vendor:ciscomodel:prime networkscope: - version: -

Trust: 0.8

vendor:ciscomodel:prime network 4.3 pp1scope: - version: -

Trust: 0.3

vendor:ciscomodel:prime network 4.3 pp6scope: - version: -

Trust: 0.3

sources: BID: 102955 // JVNDB: JVNDB-2018-002212 // CNNVD: CNNVD-201802-266 // NVD: CVE-2018-0137

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0137
value: HIGH

Trust: 1.0

NVD: CVE-2018-0137
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201802-266
value: HIGH

Trust: 0.6

VULHUB: VHN-118339
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-0137
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-118339
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0137
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.0
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-118339 // JVNDB: JVNDB-2018-002212 // CNNVD: CNNVD-201802-266 // NVD: CVE-2018-0137

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.9

problemtype:CWE-770

Trust: 1.1

sources: VULHUB: VHN-118339 // JVNDB: JVNDB-2018-002212 // NVD: CVE-2018-0137

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201802-266

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201802-266

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-002212

PATCH
title:cisco-sa-20180207-cpnurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-cpn
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2018-002212

EXTERNAL IDS
db:NVDid:CVE-2018-0137
Trust: 2.8
db:BIDid:102955
Trust: 2.0
db:JVNDBid:JVNDB-2018-002212
Trust: 0.8
db:CNNVDid:CNNVD-201802-266
Trust: 0.7
db:VULHUBid:VHN-118339
Trust: 0.1
sources:
            
            
            VULHUB: VHN-118339 // 
            
            
            
            BID: 102955 // 
            
            
            
            JVNDB: JVNDB-2018-002212 // 
            
            
            
            CNNVD: CNNVD-201802-266 // 
            
            
            
            NVD: CVE-2018-0137

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180207-cpn
Trust: 2.0
url:http://www.securityfocus.com/bid/102955
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0137
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0137
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-118339 // 
            
            
            
            BID: 102955 // 
            
            
            
            JVNDB: JVNDB-2018-002212 // 
            
            
            
            CNNVD: CNNVD-201802-266 // 
            
            
            
            NVD: CVE-2018-0137

CREDITS
Cisco.
Trust: 0.3
sources:
            
            
            BID: 102955

SOURCES
db:VULHUBid:VHN-118339
db:BIDid:102955
db:JVNDBid:JVNDB-2018-002212
db:CNNVDid:CNNVD-201802-266
db:NVDid:CVE-2018-0137

LAST UPDATE DATE
2024-11-23T22:00:41.346000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-118339date:2019-10-09T00:00:00
db:BIDid:102955date:2018-02-07T00:00:00
db:JVNDBid:JVNDB-2018-002212date:2018-04-02T00:00:00
db:CNNVDid:CNNVD-201802-266date:2019-10-17T00:00:00
db:NVDid:CVE-2018-0137date:2024-11-21T03:37:35.600

SOURCES RELEASE DATE
db:VULHUBid:VHN-118339date:2018-02-08T00:00:00
db:BIDid:102955date:2018-02-07T00:00:00
db:JVNDBid:JVNDB-2018-002212date:2018-04-02T00:00:00
db:CNNVDid:CNNVD-201802-266date:2018-02-09T00:00:00
db:NVDid:CVE-2018-0137date:2018-02-08T07:29:00.947