CVE-2018-0473 - A vulnerability in the Precision Time Protocol (PTP) subsystem of Cisco IOS Software could allow an

CVE-2018-0473

Summary

A vulnerability in the Precision Time Protocol (PTP) subsystem of Cisco IOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition of the Precision Time Protocol. The vulnerability is due to insufficient processing of PTP packets. An attacker could exploit this vulnerability by sending a custom PTP packet to, or through, an affected device. A successful exploit could allow the attacker to cause a DoS condition for the PTP subsystem, resulting in time synchronization issues across the network.

References

Vulnerable Configurations

cpe:2.3:o:cisco:ios:15.2\(4\)e:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ios:15.2\(4\)e:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ios:15.2\(5\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:ios:15.2\(5\):*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 03-10-2019 - 00:03)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:P

refmap via4

bid	105427
cisco	20180926 Cisco IOS Software Precision Time Protocol Denial of Service Vulnerability
misc	https://ics-cert.us-cert.gov/advisories/ICSA-19-094-03
sectrack	1041737

Last major update

03-10-2019 - 00:03

Published

05-10-2018 - 14:29

Last modified

03-10-2019 - 00:03