Vulnerabilities > CVE-2018-0177 - Unspecified vulnerability in Cisco IOS XE Denali16.3.1/Denali16.3.3

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
cisco
nessus

Summary

A vulnerability in the IP Version 4 (IPv4) processing code of Cisco IOS XE Software running on Cisco Catalyst 3850 and Cisco Catalyst 3650 Series Switches could allow an unauthenticated, remote attacker to cause high CPU utilization, traceback messages, or a reload of an affected device that leads to a denial of service (DoS) condition. The vulnerability is due to incorrect processing of certain IPv4 packets. An attacker could exploit this vulnerability by sending specific IPv4 packets to an IPv4 address on an affected device. A successful exploit could allow the attacker to cause high CPU utilization, traceback messages, or a reload of the affected device that leads to a DoS condition. If the switch does not reboot when under attack, it would require manual intervention to reload the device. This vulnerability affects Cisco Catalyst 3850 and Cisco Catalyst 3650 Series Switches that are running Cisco IOS XE Software Release 16.1.1 or later, until the first fixed release, and are configured with an IPv4 address. Cisco Bug IDs: CSCvd80714.

Vulnerable Configurations

Part Description Count
OS
Cisco
2
Hardware
Cisco
116

Nessus

NASL familyCISCO
NASL idCISCO-SA-20180328-IPV4.NASL
descriptionAccording to its self-reported version, Cisco IOS XE Software is affected by a vulnerability in the IP Version 4 (IPv4) processing code of Cisco IOS XE Software running on Cisco Catalyst 3850 and Cisco Catalyst 3650 Series Switches could allow an unauthenticated, remote attacker to cause high CPU utilization, traceback messages, or a reload of an affected device that leads to a denial of service (DoS) condition. The vulnerability is due to incorrect processing of certain IPv4 packets. An attacker could exploit this vulnerability by sending specific IPv4 packets to an IPv4 address on an affected device. A successful exploit could allow the attacker to cause high CPU utilization, traceback messages, or a reload of the affected device that leads to a DoS condition. If the switch does not reboot when under attack, it would require manual intervention to reload the device.
last seen2020-04-30
modified2019-04-19
plugin id124196
published2019-04-19
reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/124196
titleCisco IOS XE Software for Cisco Catalyst Switches IPv4 Denial of Service Vulnerability
code
#TRUSTED 37f5523f0590e8b6c0423d6632fb7c22a482c7a13374d970cafbebe24ac2aea5e72c436a032a9b844dac13d4410876f92aabdb96edb30381a002ebe96050b1f4db1b1475a508abbd6534da957fadc3972487e5ecf7141fbdc440a90076c9f7640b38824f1e68adf2c701854ecf3aec6278ba225bed8162c9b22d885688e940c056eb03031b6a94db2eafbd07552e63947bbadf06166662c2bdad321d146d95fb783a4d4be61170b446a9b06e414cbe2acfce19a861161982420bc7e502f8fd879a5f672a9130b6ba01ac5c1d778973b8a3c9657ee79a15f8d340dfc0e29196bc4573af953e3adc544b1511cd1a7dcc1973c670999346115bc0800f87fe4bcb1a64f654fd745ecca788187100b3a334db4d1b4df4a31a33278d4a172558d6ff8134db9085d1913e6588d2618b4f99addde0acf9c86bc655ebdc906a2c77be6254b08d313594aab1a2c9ed61082085ead42a5aa1408e9cb1eb733fd60ea3bc5be591a7f9ecb8f931ca072957686fb51b4c2d5f7f3d088c5eec2f307f05b8216851d3b8ec6c9173923c2c584fa906238474934cf6e34d0c354a4cf1f516521bc3871f8ebc53f8f5da793f0a5b8176287324cb31aec411623efd92f2e5505de6a886529557d50672f9484c7b6a6b8e712a82a36ea1aa14e567f8a07152f316b00a903cd646c7080128d5f661e183ff3b930a59191eee17c86bc1bd14e37b9b530073

#
# (C) Tenable Network Security, Inc.
#

include('compat.inc');

if (description)
{
  script_id(124196);
  script_version("1.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/04/29");

  script_cve_id("CVE-2018-0177");
  script_xref(name:"CISCO-BUG-ID", value:"CSCvd80714");
  script_xref(name:"CISCO-SA", value:"cisco-sa-20180328-ipv4");

  script_name(english:"Cisco IOS XE Software for Cisco Catalyst Switches IPv4 Denial of Service Vulnerability");
  script_summary(english:"Checks the version of Cisco IOS XE Software");

  script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version, Cisco IOS XE Software is
affected by a vulnerability in the IP Version 4 (IPv4) processing code
of Cisco IOS XE Software running on Cisco Catalyst 3850 and
Cisco Catalyst 3650 Series Switches could allow an unauthenticated,
remote attacker to cause high CPU utilization, traceback messages,
or a reload of an affected device that leads to a denial of service
(DoS) condition.

The vulnerability is due to incorrect processing
of certain IPv4 packets. An attacker could exploit this vulnerability
by sending specific IPv4 packets to an IPv4 address on an affected
device. A successful exploit could allow the attacker to cause high
CPU utilization, traceback messages, or a reload of the affected
device that leads to a DoS condition. If the switch does not reboot
when under attack, it would require manual intervention to reload
the device.");
  # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-ipv4
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a61dfafd");
  # https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvd80714
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?00b9b268");
  script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version referenced in Cisco bug ID
CSCvd80714");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-0177");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/03/28");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/03/28");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/04/19");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ios_xe");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CISCO");

  script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("cisco_ios_xe_version.nasl");
  script_require_keys("Host/Cisco/IOS-XE/Version", "Host/Cisco/IOS-XE/Model");

  exit(0);
}

include('cisco_workarounds.inc');
include('ccf.inc');

product_info = cisco::get_product_info(name:"Cisco IOS XE Software");
device_model = get_kb_item_or_exit('Host/Cisco/device_model');
model = get_kb_item('Host/Cisco/IOS-XE/Model');

if( device_model !~ 'cat' || (model !~ '3850' && model !~ '3650')) audit(AUDIT_HOST_NOT, "affected");

version_list=make_list(
'3.18.3bSP',
'16.1.1',
'16.1.2',
'16.1.3',
'16.2.1',
'16.2.2',
'16.3.1',
'16.3.2',
'16.3.3',
'16.3.1a',
'16.4.1',
'16.4.2',
'16.4.3',
'16.5.1',
'16.5.1b'
);

reporting = make_array(
  'port'     , 0,
  'severity' , SECURITY_HOLE,
  'version'  , product_info['version'],
  'bug_id'   , 'CSCvd80714'
);

cisco::check_and_report(product_info:product_info, reporting:reporting, vuln_versions:version_list);