cnvd - cnvd-2018-04722

cnvd-2018-04722

Vulnerability from cnvd

Title: Cisco Aggregation Services Router 9000 Series Cisco IOS XR Software拒绝服务漏洞

Description:

Cisco Aggregation Services Router（ASR）9000 Series是美国思科（Cisco）公司的9000系列无线控制器产品。Cisco IOS XR Software是其中的一套模块化、分布式的网络操作系统。

Cisco Aggregation Services Router (ASR) 9000 Series中的Cisco IOS XR Software 5.3.4版本的IPv6子系统存在拒绝服务漏洞，该漏洞源于程序未能正确的处理IPv6数据包。当路由器安装有基于Trident的线卡并配置有IPv6，远程攻击者可通过发送IPv6数据包利用该漏洞造成拒绝服务（重启）。

Severity: 高

Patch Name: Cisco Aggregation Services Router 9000 Series Cisco IOS XR Software拒绝服务漏洞的补丁

Patch Description:

Formal description:

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvg46800

Reference: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180131-ipv6

Impacted products

Name
['Cisco IOS XR Software 5.3.4', 'Cisco ASR 9000 Series Aggregation Services Routers 0', 'Cisco ASR 9922 Router 0', 'Cisco ASR 9912 Router 0', 'Cisco ASR 9904 Router 0', 'Cisco ASR 9010 Router 0', 'Cisco ASR 9006 Router 0', 'Cisco ASR 9001 Router 0']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "102905"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-0136"
    }
  },
  "description": "Cisco Aggregation Services Router\uff08ASR\uff099000 Series\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u76849000\u7cfb\u5217\u65e0\u7ebf\u63a7\u5236\u5668\u4ea7\u54c1\u3002Cisco IOS XR Software\u662f\u5176\u4e2d\u7684\u4e00\u5957\u6a21\u5757\u5316\u3001\u5206\u5e03\u5f0f\u7684\u7f51\u7edc\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nCisco Aggregation Services Router (ASR) 9000 Series\u4e2d\u7684Cisco IOS XR Software 5.3.4\u7248\u672c\u7684IPv6\u5b50\u7cfb\u7edf\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u7684\u5904\u7406IPv6\u6570\u636e\u5305\u3002\u5f53\u8def\u7531\u5668\u5b89\u88c5\u6709\u57fa\u4e8eTrident\u7684\u7ebf\u5361\u5e76\u914d\u7f6e\u6709IPv6\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u53d1\u9001IPv6\u6570\u636e\u5305\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff08\u91cd\u542f\uff09\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://bst.cloudapps.cisco.com/bugsearch/bug/CSCvg46800",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-04722",
  "openTime": "2018-03-09",
  "patchDescription": "Cisco Aggregation Services Router\uff08ASR\uff099000 Series\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u76849000\u7cfb\u5217\u65e0\u7ebf\u63a7\u5236\u5668\u4ea7\u54c1\u3002Cisco IOS XR Software\u662f\u5176\u4e2d\u7684\u4e00\u5957\u6a21\u5757\u5316\u3001\u5206\u5e03\u5f0f\u7684\u7f51\u7edc\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nCisco Aggregation Services Router (ASR) 9000 Series\u4e2d\u7684Cisco IOS XR Software 5.3.4\u7248\u672c\u7684IPv6\u5b50\u7cfb\u7edf\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u7684\u5904\u7406IPv6\u6570\u636e\u5305\u3002\u5f53\u8def\u7531\u5668\u5b89\u88c5\u6709\u57fa\u4e8eTrident\u7684\u7ebf\u5361\u5e76\u914d\u7f6e\u6709IPv6\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u53d1\u9001IPv6\u6570\u636e\u5305\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff08\u91cd\u542f\uff09\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco Aggregation Services Router 9000 Series Cisco IOS XR Software\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Cisco IOS XR Software 5.3.4",
      "Cisco ASR 9000 Series Aggregation Services Routers 0",
      "Cisco ASR 9922 Router 0",
      "Cisco ASR 9912 Router 0",
      "Cisco ASR 9904 Router 0",
      "Cisco ASR 9010 Router 0",
      "Cisco ASR 9006 Router 0",
      "Cisco ASR 9001 Router 0"
    ]
  },
  "referenceLink": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180131-ipv6",
  "serverity": "\u9ad8",
  "submitTime": "2018-02-02",
  "title": "Cisco Aggregation Services Router 9000 Series Cisco IOS XR Software\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}

CVE-2018-0136 (GCVE-0-2018-0136)

Vulnerability from cvelistv5

Published

2018-01-31 20:00

Modified

2024-12-02 21:24

Severity ?

CWE

CWE-20

Summary

A vulnerability in the IPv6 subsystem of Cisco IOS XR Software Release 5.3.4 for the Cisco Aggregation Services Router (ASR) 9000 Series could allow an unauthenticated, remote attacker to trigger a reload of one or more Trident-based line cards, resulting in a denial of service (DoS) condition. The vulnerability is due to incorrect handling of IPv6 packets with a fragment header extension. An attacker could exploit this vulnerability by sending IPv6 packets designed to trigger the issue either to or through the Trident-based line card. A successful exploit could allow the attacker to trigger a reload of Trident-based line cards, resulting in a DoS during the period of time the line card takes to restart. This vulnerability affects Cisco Aggregation Services Router (ASR) 9000 Series when the following conditions are met: The router is running Cisco IOS XR Software Release 5.3.4, and the router has installed Trident-based line cards that have IPv6 configured. A software maintenance upgrade (SMU) has been made available that addresses this vulnerability. The fix has also been incorporated into service pack 7 for Cisco IOS XR Software Release 5.3.4. Cisco Bug IDs: CSCvg46800.

References

▼	URL	Tags
	http://www.securityfocus.com/bid/102905	vdb-entry, x_refsource_BID
	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180131-ipv6	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1040315	vdb-entry, x_refsource_SECTRACK

Impacted products

	Vendor	Product	Version
	n/a	Cisco Aggregation Services Router 9000 Series	Version: Cisco Aggregation Services Router 9000 Series

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:14:16.885Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "102905",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102905"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180131-ipv6"
          },
          {
            "name": "1040315",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040315"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2018-0136",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-02T19:11:34.315844Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-02T21:24:47.666Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Aggregation Services Router 9000 Series",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Cisco Aggregation Services Router 9000 Series"
            }
          ]
        }
      ],
      "datePublic": "2018-01-31T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the IPv6 subsystem of Cisco IOS XR Software Release 5.3.4 for the Cisco Aggregation Services Router (ASR) 9000 Series could allow an unauthenticated, remote attacker to trigger a reload of one or more Trident-based line cards, resulting in a denial of service (DoS) condition. The vulnerability is due to incorrect handling of IPv6 packets with a fragment header extension. An attacker could exploit this vulnerability by sending IPv6 packets designed to trigger the issue either to or through the Trident-based line card. A successful exploit could allow the attacker to trigger a reload of Trident-based line cards, resulting in a DoS during the period of time the line card takes to restart. This vulnerability affects Cisco Aggregation Services Router (ASR) 9000 Series when the following conditions are met: The router is running Cisco IOS XR Software Release 5.3.4, and the router has installed Trident-based line cards that have IPv6 configured. A software maintenance upgrade (SMU) has been made available that addresses this vulnerability. The fix has also been incorporated into service pack 7 for Cisco IOS XR Software Release 5.3.4. Cisco Bug IDs: CSCvg46800."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-02-03T10:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "102905",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102905"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180131-ipv6"
        },
        {
          "name": "1040315",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040315"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2018-0136",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Aggregation Services Router 9000 Series",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Cisco Aggregation Services Router 9000 Series"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the IPv6 subsystem of Cisco IOS XR Software Release 5.3.4 for the Cisco Aggregation Services Router (ASR) 9000 Series could allow an unauthenticated, remote attacker to trigger a reload of one or more Trident-based line cards, resulting in a denial of service (DoS) condition. The vulnerability is due to incorrect handling of IPv6 packets with a fragment header extension. An attacker could exploit this vulnerability by sending IPv6 packets designed to trigger the issue either to or through the Trident-based line card. A successful exploit could allow the attacker to trigger a reload of Trident-based line cards, resulting in a DoS during the period of time the line card takes to restart. This vulnerability affects Cisco Aggregation Services Router (ASR) 9000 Series when the following conditions are met: The router is running Cisco IOS XR Software Release 5.3.4, and the router has installed Trident-based line cards that have IPv6 configured. A software maintenance upgrade (SMU) has been made available that addresses this vulnerability. The fix has also been incorporated into service pack 7 for Cisco IOS XR Software Release 5.3.4. Cisco Bug IDs: CSCvg46800."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "102905",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/102905"
            },
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180131-ipv6",
              "refsource": "CONFIRM",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180131-ipv6"
            },
            {
              "name": "1040315",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040315"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2018-0136",
    "datePublished": "2018-01-31T20:00:00",
    "dateReserved": "2017-11-27T00:00:00",
    "dateUpdated": "2024-12-02T21:24:47.666Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted