admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 01:02:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2018/CVE-2018-03xx/CVE-2018-0369.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

160 lines
6.7 KiB
JSON
Raw Blame History

{
"id": "CVE-2018-0369",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2018-07-16T17:29:00.487",
"lastModified": "2019-10-09T23:31:54.130",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the reassembly logic for fragmented IPv4 packets of Cisco StarOS running on virtual platforms could allow an unauthenticated, remote attacker to trigger a reload of the npusim process, resulting in a denial of service (DoS) condition. There are four instances of the npusim process running per Service Function (SF) instance, each handling a subset of all traffic flowing across the device. It is possible to trigger a reload of all four instances of the npusim process around the same time. The vulnerability is due to improper handling of fragmented IPv4 packets containing options. An attacker could exploit this vulnerability by sending a malicious IPv4 packet across an affected device. An exploit could allow the attacker to trigger a restart of the npusim process, which will result in all traffic queued toward this instance of the npusim process to be dropped while the process is restarting. The npusim process typically restarts within less than a second. This vulnerability affects: Cisco Virtualized Packet Core-Single Instance (VPC-SI), Cisco Virtualized Packet Core-Distributed Instance (VPC-DI), Cisco Ultra Packet Core (UPC). Cisco Bug IDs: CSCvh29613."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la l\u00f3gica para paquetes IPv4 fragmentados de Cisco StarOS que se ejecuta en plataformas virtuales permite que un atacante remoto no autenticado desencadene el reinicio del proceso npusim. Esto resulta una condici\u00f3n de denegaci\u00f3n de servicio (DoS). Hay cuatro instancias del proceso npusim ejecut\u00e1ndose por instancia SF (Service Function); cada una de ellas maneja una serie de tr\u00e1fico que fluye por el dispositivo. Es posible desencadenar una recarga de las cuatro instancias del proceso npusim al mismo tiempo. La vulnerabilidad se debe a una gesti\u00f3n incorrecta de paquetes IPv4 fragmentados que contienen opciones. Un atacante podr\u00eda explotar esta vulnerabilidad enviando un paquete IPv4 malicioso a trav\u00e9s de un dispositivo afectado. Este exploit podr\u00eda permitir que el atacante desencadene el reinicio del proceso npusim, que resultar\u00e1 en que todo el tr\u00e1fico que est\u00e9 en cola hacia esta instancia del proceso npusim se dejar\u00e1 mientras el proceso se reinicia. El proceso npusim suele reiniciarse en menos de un segundo. Esta vulnerabilidad afecta a: Cisco Virtualized Packet Core-Single Instance (VPC-SI), Cisco Virtualized Packet Core-Distributed Instance (VPC-DI) y Cisco Ultra Packet Core (UPC). Cisco Bug IDs: CSCvh29613."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
},
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:staros:*:*:*:*:*:*:*:*",
"versionStartIncluding": "21.3",
"versionEndExcluding": "21.3.15",
"matchCriteriaId": "200A4896-052D-4C31-B15D-FC9A2AE15DB3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:staros:*:*:*:*:*:*:*:*",
"versionStartIncluding": "21.4",
"versionEndExcluding": "21.5.7",
"matchCriteriaId": "A58F3379-BB8A-43CA-87C0-8B0223E0DC12"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:staros:*:*:*:*:*:*:*:*",
"versionStartIncluding": "21.6",
"versionEndExcluding": "21.6.4",
"matchCriteriaId": "B8E5ED32-9F03-4A70-8331-2C3D4B3AD06F"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:cisco:asr_5000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "746254AC-B039-432C-AA5C-A82260E57AD7"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:cisco:asr_5500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "301681DF-2A9E-4A91-9918-4A46153ADC01"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:cisco:asr_5700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A9EF0299-16A7-446D-855D-BFF91EE65534"
}
]
}
]
}
],
"references": [
{
"url": "http://www.securityfocus.com/bid/104723",
"source": "ykramarz@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180711-staros-dos",
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink