CVE-2018-15428
Vulnerability from cvelistv5
Published
2018-10-05 14:00
Modified
2024-11-26 14:27
Severity ?
EPSS score ?
Summary
Cisco IOS XR Software Border Gateway Protocol Denial of Service Vulnerability
References
▼ | URL | Tags | |
---|---|---|---|
ykramarz@cisco.com | http://www.securitytracker.com/id/1041790 | Third Party Advisory, VDB Entry | |
ykramarz@cisco.com | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-iosxr-dos | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1041790 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-iosxr-dos | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Cisco | Cisco IOS XR Software |
Version: n/a |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T09:54:03.419Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20181003 Cisco IOS XR Software Border Gateway Protocol Denial of Service Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-iosxr-dos" }, { "name": "1041790", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1041790" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2018-15428", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-25T18:47:47.186898Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-26T14:27:41.055Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco IOS XR Software", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-10-03T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the implementation of Border Gateway Protocol (BGP) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of certain BGP update messages. An attacker could exploit this vulnerability by sending BGP update messages that include a specific, malformed attribute to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit this vulnerability, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim\u0027s BGP network on an existing, valid TCP connection to a BGP peer." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-07T09:57:02", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20181003 Cisco IOS XR Software Border Gateway Protocol Denial of Service Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-iosxr-dos" }, { "name": "1041790", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1041790" } ], "source": { "advisory": "cisco-sa-20181003-iosxr-dos", "defect": [ [ "CSCvj58445" ] ], "discovery": "UNKNOWN" }, "title": "Cisco IOS XR Software Border Gateway Protocol Denial of Service Vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2018-10-03T16:00:00-0500", "ID": "CVE-2018-15428", "STATE": "PUBLIC", "TITLE": "Cisco IOS XR Software Border Gateway Protocol Denial of Service Vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco IOS XR Software", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the implementation of Border Gateway Protocol (BGP) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of certain BGP update messages. An attacker could exploit this vulnerability by sending BGP update messages that include a specific, malformed attribute to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit this vulnerability, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim\u0027s BGP network on an existing, valid TCP connection to a BGP peer." } ] }, "impact": { "cvss": { "baseScore": "6.8", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-20" } ] } ] }, "references": { "reference_data": [ { "name": "20181003 Cisco IOS XR Software Border Gateway Protocol Denial of Service Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-iosxr-dos" }, { "name": "1041790", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041790" } ] }, "source": { "advisory": "cisco-sa-20181003-iosxr-dos", "defect": [ [ "CSCvj58445" ] ], "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2018-15428", "datePublished": "2018-10-05T14:00:00Z", "dateReserved": "2018-08-17T00:00:00", "dateUpdated": "2024-11-26T14:27:41.055Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2018-15428\",\"sourceIdentifier\":\"ykramarz@cisco.com\",\"published\":\"2018-10-05T14:29:11.543\",\"lastModified\":\"2024-11-21T03:50:46.520\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability in the implementation of Border Gateway Protocol (BGP) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of certain BGP update messages. An attacker could exploit this vulnerability by sending BGP update messages that include a specific, malformed attribute to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit this vulnerability, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim\u0027s BGP network on an existing, valid TCP connection to a BGP peer.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad en la implementaci\u00f3n de la funcionalidad Border Gateway Protocol (BGP) de Cisco IOS XR Software podr\u00eda permitir que un atacante remoto no autenticado provoque una condici\u00f3n de denegaci\u00f3n de servicio (DoS). Esta vulnerabilidad se debe a un procesamiento incorrecto de ciertos mensajes de actualizaci\u00f3n BGP. Un atacante podr\u00eda explotar esta vulnerabilidad enviando mensajes de actualizaci\u00f3n BGP que incluyen un atributo espec\u00edfico mal formado para que sea procesado por un sistema afectado. Su explotaci\u00f3n con \u00e9xito podr\u00eda permitir que el atacante haga que el proceso BGP se reinicie inesperadamente, resultando en una denegaci\u00f3n de servicio (DoS). La implementaci\u00f3n de Cisco de BGP acepta el tr\u00e1fico BGP entrante solo desde peers definidos de forma expl\u00edcita. Para explotar esta vulnerabilidad, el mensaje de actualizaci\u00f3n BGP malicioso necesitar\u00eda provenir de un peer BGP v\u00e1lido y configurado o, por otro lado, necesitar\u00eda ser inyectado por el atacante4 en la red BGP de la v\u00edctima en una conexi\u00f3n existente TCP v\u00e1lida a un peer BGP.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H\",\"baseScore\":6.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":4.0}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:N/A:P\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"ykramarz@cisco.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xr:6.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A9BE8485-444F-45E2-BBBB-B69BF322FEB7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xr:6.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F87B6885-A267-439B-AE04-CBD950BEC205\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xr:6.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"52CC4093-80C1-4B0C-82D2-647C625FF42D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xr:6.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0235F415-F327-4914-8E2A-96334984797D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xr:6.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D093D77E-66E3-4659-820E-F7E03A51A83C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xr:6.1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FC06F7E7-D67F-4C91-B545-F7EB62858BA5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xr:6.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"27A732BF-A723-48EA-AC0F-813CA5A2DB0F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xr:6.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F517C60E-4580-486E-9A03-82A023755374\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xr:6.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"370F74EC-829D-4574-BE7D-85700E15C433\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios_xr:6.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A29F9DD0-2FA4-463C-BF53-CFE351CB94DE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:asr_9001:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"324C97E6-1810-404F-9F45-6240F99FF039\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:asr_9006:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"57EB55BB-41B7-40A1-B6F5-142FE8AB4C16\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:asr_9010:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"433F4A82-04A4-4EAA-8C19-F7581DCD8D29\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:asr_9901:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2D5E60AB-94FF-448A-89D8-5D2197E21C74\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:asr_9904:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A93212A4-50AB-42E7-89A4-5FBBAEA050C3\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:asr_9906:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EDA53A61-98B3-458C-8893-61CD7D6B1E48\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:asr_9910:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F396564E-B477-4A27-A189-CEB737552E25\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:asr_9912:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5445CC54-ACFB-4070-AF26-F91FEAA85181\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:asr_9922:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D7AA58E5-D7E1-48CF-93FF-C60EB85B2BC7\"}]}]}],\"references\":[{\"url\":\"http://www.securitytracker.com/id/1041790\",\"source\":\"ykramarz@cisco.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-iosxr-dos\",\"source\":\"ykramarz@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securitytracker.com/id/1041790\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-iosxr-dos\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}" } }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.