Sign-up

ID

VAR-201901-0595


CVE

CVE-2018-15464


TITLE

Cisco 900 series Aggregation Services Router Vulnerable to resource exhaustion

Trust: 0.8

sources: JVNDB: JVNDB-2018-013873

DESCRIPTION

A vulnerability in Cisco 900 Series Aggregation Services Router (ASR) software could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient handling of certain broadcast packets ingress to the device. An attacker could exploit this vulnerability by sending large streams of broadcast packets to an affected device. If successful, an exploit could allow an attacker to impact services running on the device, resulting in a partial DoS condition. This issue is being tracked by Cisco Bug ID CSCvh94635

Trust: 1.98

sources: NVD: CVE-2018-15464 // JVNDB: JVNDB-2018-013873 // BID: 106550 // VULHUB: VHN-125726

AFFECTED PRODUCTS

vendor:ciscomodel:asr 900 series softwarescope:eqversion:16.6.2

Trust: 1.0

vendor:ciscomodel:asr 900 series softwarescope: - version: -

Trust: 0.8

vendor:ciscomodel:asrscope:eqversion:90016.6.2

Trust: 0.3

sources: BID: 106550 // JVNDB: JVNDB-2018-013873 // NVD: CVE-2018-15464

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-15464
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2018-15464
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-15464
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201901-306
value: MEDIUM

Trust: 0.6

VULHUB: VHN-125726
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-15464
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-125726
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-15464
baseSeverity: MEDIUM
baseScore: 5.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 2.8

sources: VULHUB: VHN-125726 // JVNDB: JVNDB-2018-013873 // CNNVD: CNNVD-201901-306 // NVD: CVE-2018-15464 // NVD: CVE-2018-15464

PROBLEMTYPE DATA

problemtype:CWE-400

Trust: 1.9

sources: VULHUB: VHN-125726 // JVNDB: JVNDB-2018-013873 // NVD: CVE-2018-15464

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201901-306

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201901-306

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-013873

PATCH
title:cisco-sa-20190109-asr900-dosurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-asr900-dos
Trust: 0.8
title:Multiple Apple Product security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89502
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-013873 // 
            
            
            
            CNNVD: CNNVD-201901-306

EXTERNAL IDS
db:NVDid:CVE-2018-15464
Trust: 2.8
db:BIDid:106550
Trust: 2.0
db:JVNDBid:JVNDB-2018-013873
Trust: 0.8
db:CNNVDid:CNNVD-201901-306
Trust: 0.7
db:VULHUBid:VHN-125726
Trust: 0.1
sources:
            
            
            VULHUB: VHN-125726 // 
            
            
            
            BID: 106550 // 
            
            
            
            JVNDB: JVNDB-2018-013873 // 
            
            
            
            CNNVD: CNNVD-201901-306 // 
            
            
            
            NVD: CVE-2018-15464

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190109-asr900-dos
Trust: 2.0
url:http://www.securityfocus.com/bid/106550
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-15464
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-15464
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-125726 // 
            
            
            
            BID: 106550 // 
            
            
            
            JVNDB: JVNDB-2018-013873 // 
            
            
            
            CNNVD: CNNVD-201901-306 // 
            
            
            
            NVD: CVE-2018-15464

CREDITS
This vulnerability was found during the resolution of a Cisco TAC support case.
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201901-306

SOURCES
db:VULHUBid:VHN-125726
db:BIDid:106550
db:JVNDBid:JVNDB-2018-013873
db:CNNVDid:CNNVD-201901-306
db:NVDid:CVE-2018-15464

LAST UPDATE DATE
2024-11-23T22:37:56.146000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-125726date:2019-10-09T00:00:00
db:BIDid:106550date:2019-01-09T00:00:00
db:JVNDBid:JVNDB-2018-013873date:2019-03-05T00:00:00
db:CNNVDid:CNNVD-201901-306date:2019-10-17T00:00:00
db:NVDid:CVE-2018-15464date:2024-11-21T03:50:51.773

SOURCES RELEASE DATE
db:VULHUBid:VHN-125726date:2019-01-11T00:00:00
db:BIDid:106550date:2019-01-09T00:00:00
db:JVNDBid:JVNDB-2018-013873date:2019-03-05T00:00:00
db:CNNVDid:CNNVD-201901-306date:2019-01-10T00:00:00
db:NVDid:CVE-2018-15464date:2019-01-11T15:29:00.247