CVE-2018-0466 - A vulnerability in the Open Shortest Path First version 3 (OSPFv3) implementation in Cisco IOS and I

CVE-2018-0466

Summary

A vulnerability in the Open Shortest Path First version 3 (OSPFv3) implementation in Cisco IOS and IOS XE Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload. The vulnerability is due to incorrect handling of specific OSPFv3 packets. An attacker could exploit this vulnerability by sending crafted OSPFv3 Link-State Advertisements (LSA) to an affected device. An exploit could allow the attacker to cause an affected device to reload, leading to a denial of service (DoS) condition.

References

Vulnerable Configurations

cpe:2.3:o:cisco:ios:16.2.1:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ios:16.2.1:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ios_xe:16.2.1:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ios_xe:16.2.1:*:*:*:*:*:*:*

CVSS

Base:	6.1 (as of 03-10-2019 - 00:03)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
ADJACENT_NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	COMPLETE

cvss-vector via4

AV:A/AC:L/Au:N/C:N/I:N/A:C

refmap via4

bid	105403
cisco	20180926 Cisco IOS and IOS XE Software OSPFv3 Denial of Service Vulnerability
misc	https://ics-cert.us-cert.gov/advisories/ICSA-19-094-03
sectrack	1041737

Last major update

03-10-2019 - 00:03

Published

05-10-2018 - 14:29

Last modified

03-10-2019 - 00:03