cnvd - cnvd-2018-07763

cnvd-2018-07763

Vulnerability from cnvd

Title

Cisco Catalyst 3850和Catalyst 3650 Series Switches IOS XE Software拒绝服务漏洞

Description

Cisco Catalyst 3850和Catalyst 3650 Series Switches都是美国思科（Cisco）公司的不同系列的交换机设备。IOS XE Software是运行在其中的一套Cisco设备专用的操作系统。 Cisco Catalyst 3850和Catalyst 3650 Series Switches中的IOS XE Software的IP 4版本(IPv4)处理代码存在拒绝服务漏洞，该漏洞程序未能正确处理IPv4数据包。远程攻击者可通过向设备的IPv4地址发送IPv4数据包利用该漏洞造成拒绝服务（大量CPU占用或设备重新加载）。

Severity

高

Patch Name

Cisco Catalyst 3850和Catalyst 3650 Series Switches IOS XE Software拒绝服务漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-ipv4

Reference

https://www.securityfocus.com/bid/103563

Impacted products

Name
['Cisco Catalyst 3650 Series Switches 0', 'Cisco Catalyst 3850 Series']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "103563"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-0177"
    }
  },
  "description": "Cisco Catalyst 3850\u548cCatalyst 3650 Series Switches\u90fd\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e0d\u540c\u7cfb\u5217\u7684\u4ea4\u6362\u673a\u8bbe\u5907\u3002IOS XE Software\u662f\u8fd0\u884c\u5728\u5176\u4e2d\u7684\u4e00\u5957Cisco\u8bbe\u5907\u4e13\u7528\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nCisco Catalyst 3850\u548cCatalyst 3650 Series Switches\u4e2d\u7684IOS XE Software\u7684IP 4\u7248\u672c(IPv4)\u5904\u7406\u4ee3\u7801\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u5904\u7406IPv4\u6570\u636e\u5305\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u5411\u8bbe\u5907\u7684IPv4\u5730\u5740\u53d1\u9001IPv4\u6570\u636e\u5305\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff08\u5927\u91cfCPU\u5360\u7528\u6216\u8bbe\u5907\u91cd\u65b0\u52a0\u8f7d\uff09\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-ipv4",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-07763",
  "openTime": "2018-04-17",
  "patchDescription": "Cisco Catalyst 3850\u548cCatalyst 3650 Series Switches\u90fd\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e0d\u540c\u7cfb\u5217\u7684\u4ea4\u6362\u673a\u8bbe\u5907\u3002IOS XE Software\u662f\u8fd0\u884c\u5728\u5176\u4e2d\u7684\u4e00\u5957Cisco\u8bbe\u5907\u4e13\u7528\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nCisco Catalyst 3850\u548cCatalyst 3650 Series Switches\u4e2d\u7684IOS XE Software\u7684IP 4\u7248\u672c(IPv4)\u5904\u7406\u4ee3\u7801\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u5904\u7406IPv4\u6570\u636e\u5305\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u5411\u8bbe\u5907\u7684IPv4\u5730\u5740\u53d1\u9001IPv4\u6570\u636e\u5305\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff08\u5927\u91cfCPU\u5360\u7528\u6216\u8bbe\u5907\u91cd\u65b0\u52a0\u8f7d\uff09\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco Catalyst 3850\u548cCatalyst 3650 Series Switches IOS XE Software\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Cisco Catalyst 3650 Series Switches 0",
      "Cisco Catalyst 3850 Series"
    ]
  },
  "referenceLink": "https://www.securityfocus.com/bid/103563",
  "serverity": "\u9ad8",
  "submitTime": "2018-03-29",
  "title": "Cisco Catalyst 3850\u548cCatalyst 3650 Series Switches IOS XE Software\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}

CVE-2018-0177 (GCVE-0-2018-0177)

Vulnerability from cvelistv5

Published

2018-03-28 22:00

Modified

2024-12-02 20:53

Severity ?

CWE

CWE-19

Summary

A vulnerability in the IP Version 4 (IPv4) processing code of Cisco IOS XE Software running on Cisco Catalyst 3850 and Cisco Catalyst 3650 Series Switches could allow an unauthenticated, remote attacker to cause high CPU utilization, traceback messages, or a reload of an affected device that leads to a denial of service (DoS) condition. The vulnerability is due to incorrect processing of certain IPv4 packets. An attacker could exploit this vulnerability by sending specific IPv4 packets to an IPv4 address on an affected device. A successful exploit could allow the attacker to cause high CPU utilization, traceback messages, or a reload of the affected device that leads to a DoS condition. If the switch does not reboot when under attack, it would require manual intervention to reload the device. This vulnerability affects Cisco Catalyst 3850 and Cisco Catalyst 3650 Series Switches that are running Cisco IOS XE Software Release 16.1.1 or later, until the first fixed release, and are configured with an IPv4 address. Cisco Bug IDs: CSCvd80714.

References

URL

Tags

	http://www.securityfocus.com/bid/103563	vdb-entry, x_refsource_BID
	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-ipv4	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1040588	vdb-entry, x_refsource_SECTRACK