CVE-2018-0170 - A vulnerability in the Cisco Umbrella Integration feature of Cisco IOS XE Software could allow an un

CVE-2018-0170

Summary

A vulnerability in the Cisco Umbrella Integration feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition, related to the OpenDNS software. The vulnerability is due to a logic error that exists when handling a malformed incoming packet, leading to access to an internal data structure after it has been freed. An attacker could exploit this vulnerability by sending crafted, malformed IP packets to an affected device. A successful exploit could allow the attacker to cause an affected device to reload, resulting in a DoS condition. Cisco Bug IDs: CSCvb86327.

References

Vulnerable Configurations

cpe:2.3:o:cisco:ios_xe:16.4.1:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ios_xe:16.4.1:*:*:*:*:*:*:*

CVSS

Base:	7.8 (as of 03-12-2019 - 18:55)
Impact:
Exploitability:

CWE

CWE-416

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:C

refmap via4

bid	103560
confirm	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-opendns-dos
sectrack	1040590

Last major update

03-12-2019 - 18:55

Published

28-03-2018 - 22:29

Last modified

03-12-2019 - 18:55