Denali16.3.3

CVSS 7.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

COMPLETE

network

low complexity

cisco

nessus

NVD

Published: 2018-03-28

Updated: 2021-10-18

Summary

A vulnerability in the IP Version 4 (IPv4) processing code of Cisco IOS XE Software running on Cisco Catalyst 3850 and Cisco Catalyst 3650 Series Switches could allow an unauthenticated, remote attacker to cause high CPU utilization, traceback messages, or a reload of an affected device that leads to a denial of service (DoS) condition. The vulnerability is due to incorrect processing of certain IPv4 packets. An attacker could exploit this vulnerability by sending specific IPv4 packets to an IPv4 address on an affected device. A successful exploit could allow the attacker to cause high CPU utilization, traceback messages, or a reload of the affected device that leads to a DoS condition. If the switch does not reboot when under attack, it would require manual intervention to reload the device. This vulnerability affects Cisco Catalyst 3850 and Cisco Catalyst 3650 Series Switches that are running Cisco IOS XE Software Release 16.1.1 or later, until the first fixed release, and are configured with an IPv4 address. Cisco Bug IDs: CSCvd80714.

Vulnerable Configurations

Part	Description	Count
OS	Cisco Cisco IOS XE Denali-16.3.3 Cisco IOS XE Denali-16.3.1	2
Hardware	Cisco Cisco Catalyst 3850 24U S - Cisco Catalyst 3650 24Td S - Cisco Catalyst 3650 48Fs S - Cisco Catalyst 3850 24U L - Cisco Catalyst 3650 8X24Uq E - Cisco Catalyst 3850 24S S - Cisco Catalyst 3650 12X48Uq E - Cisco Catalyst 3650 48Fqm S - Cisco Catalyst 3650 24Ps L - Cisco Catalyst 3650 24Ts S - Cisco Catalyst 3850 24Xu S - Cisco Catalyst 3850 48Xs S - Cisco ASR 1001 X - Cisco ASR 1000 Series Route Processor (Rp2) - Cisco Catalyst 3850 48F S - Cisco 4451 X Integrated Services Router - Cisco 4351 Integrated Services Router - Cisco Catalyst 3650 12X48Ur E - Cisco Catalyst 3650 48Ts E - Cisco Catalyst 3650 48Fs E - Cisco Catalyst 3650 48Pd E - Cisco ASR 1001 HX - Cisco Catalyst 3650 24Ts L - Cisco Catalyst 3850 24S E - Cisco Catalyst 3850 12Xs E - Cisco Catalyst 3650 48Td S - Cisco Catalyst 3650 48Ts S - Cisco Catalyst 3650 48Td L - Cisco Catalyst 3850 48F L - Cisco Catalyst 3850 48Xs E - Cisco Catalyst 3650 12X48Uq L - Cisco Catalyst 3650 12X48Ur L - Cisco Catalyst 3850 48P E - Cisco Catalyst 3650 48Fqm L - Cisco Catalyst 3850 48T S - Cisco Catalyst 3650 12X48Fd L - Cisco Catalyst 3850 48Xs F E - Cisco ASR 1002 X - Cisco Catalyst 3850 48T E - Cisco Catalyst 3850 12S S - Cisco Catalyst 3650 24Pd S - Cisco Catalyst 3850 48U L - Cisco Catalyst 3850 48U S - Cisco Catalyst 3850 32Xs S - Cisco Catalyst 3650 48Pd S - Cisco Catalyst 3650 12X48Ur S - Cisco Catalyst 3850 48U E - Cisco Catalyst 3850 48T L - Cisco Catalyst 3650 24Ps S - Cisco Catalyst 3650 48Ts L - Cisco Catalyst 3650 48Fd E - Cisco ASR 1002 HX - Cisco Catalyst 3650 48Fd S - Cisco Catalyst 3650 24Pdm L - Cisco Catalyst 3650 48Fd L - Cisco Catalyst 3650 48Ps E - Cisco ASR 1000 Series Route Processor (Rp3) - Cisco Catalyst 3850 24P S - Cisco Catalyst 3650 48Pq L - Cisco Catalyst 3650 24Pdm E - Cisco Catalyst 3850 32Xs E - Cisco Catalyst 3650 8X24Pd L - Cisco Catalyst 3850 48Xs F S - Cisco Catalyst 3650 48Tq L - Cisco Catalyst 3850 16Xs S - Cisco Catalyst 3650 48Ps L - Cisco Catalyst 3850 24T E - Cisco 4321 Integrated Services Router - Cisco Catalyst 3650 48Pq S - Cisco Catalyst 3850 48P L - Cisco Catalyst 3650 24Pd L - Cisco 4431 Integrated Services Router - Cisco Catalyst 3650 48Fs L - Cisco Catalyst 3650 24Td E - Cisco Catalyst 3850 16Xs E - Cisco Catalyst 3650 48Fq L - Cisco Cloud Services Router 1000V - Cisco Catalyst 3850 24Xs E - Cisco Catalyst 3650 48Tq S - Cisco Catalyst 3850 48P S - Cisco Catalyst 3850 12Xs S - Cisco Catalyst 3650 48Fqm E - Cisco Catalyst 3650 48Ps S - Cisco Catalyst 3850 24Xs S - Cisco Catalyst C3850 12X48U S - Cisco Catalyst 3650 48Pq E - Cisco Catalyst 3650 8X24Pd S - Cisco Catalyst 3650 12X48Uq S - Cisco Catalyst 3650 48Td E - Cisco Catalyst 3850 12S E - Cisco Catalyst 3650 24Pd E - Cisco Catalyst 3650 48Fq E - Cisco Catalyst 3850 24P L - Cisco Catalyst 3850 24Xu L - Cisco Catalyst 3650 8X24Pd E - Cisco Catalyst 3850 24T L - Cisco 4331 Integrated Services Router - Cisco Catalyst 3850 48F E - Cisco Catalyst C3850 12X48U E - Cisco Catalyst 3650 24Ps E - Cisco Catalyst 3650 24Pdm S - Cisco Catalyst 3650 8X24Uq L - Cisco Catalyst 3650 48Pd L - Cisco Catalyst 3650 48Fq S - Cisco Catalyst 3850 24P E - Cisco Catalyst 3850 24U E - Cisco Catalyst 3650 24Ts E - Cisco Catalyst 3850 24T S - Cisco Catalyst 3650 8X24Uq S - Cisco Catalyst 3650 48Tq E - Cisco Catalyst 3650 12X48Fd S - Cisco Catalyst C3850 12X48U L - Cisco Catalyst 3650 12X48Uz E - Cisco Catalyst 3650 24Td L - Cisco Catalyst 3850 24Xu E - Cisco Catalyst 3650 12X48Fd E -	116

Nessus

NASL family	CISCO
NASL id	CISCO-SA-20180328-IPV4.NASL
description	According to its self-reported version, Cisco IOS XE Software is affected by a vulnerability in the IP Version 4 (IPv4) processing code of Cisco IOS XE Software running on Cisco Catalyst 3850 and Cisco Catalyst 3650 Series Switches could allow an unauthenticated, remote attacker to cause high CPU utilization, traceback messages, or a reload of an affected device that leads to a denial of service (DoS) condition. The vulnerability is due to incorrect processing of certain IPv4 packets. An attacker could exploit this vulnerability by sending specific IPv4 packets to an IPv4 address on an affected device. A successful exploit could allow the attacker to cause high CPU utilization, traceback messages, or a reload of the affected device that leads to a DoS condition. If the switch does not reboot when under attack, it would require manual intervention to reload the device.
last seen	2020-04-30
modified	2019-04-19
plugin id	124196
published	2019-04-19
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/124196
title	Cisco IOS XE Software for Cisco Catalyst Switches IPv4 Denial of Service Vulnerability
code	#TRUSTED 37f5523f0590e8b6c0423d6632fb7c22a482c7a13374d970cafbebe24ac2aea5e72c436a032a9b844dac13d4410876f92aabdb96edb30381a002ebe96050b1f4db1b1475a508abbd6534da957fadc3972487e5ecf7141fbdc440a90076c9f7640b38824f1e68adf2c701854ecf3aec6278ba225bed8162c9b22d885688e940c056eb03031b6a94db2eafbd07552e63947bbadf06166662c2bdad321d146d95fb783a4d4be61170b446a9b06e414cbe2acfce19a861161982420bc7e502f8fd879a5f672a9130b6ba01ac5c1d778973b8a3c9657ee79a15f8d340dfc0e29196bc4573af953e3adc544b1511cd1a7dcc1973c670999346115bc0800f87fe4bcb1a64f654fd745ecca788187100b3a334db4d1b4df4a31a33278d4a172558d6ff8134db9085d1913e6588d2618b4f99addde0acf9c86bc655ebdc906a2c77be6254b08d313594aab1a2c9ed61082085ead42a5aa1408e9cb1eb733fd60ea3bc5be591a7f9ecb8f931ca072957686fb51b4c2d5f7f3d088c5eec2f307f05b8216851d3b8ec6c9173923c2c584fa906238474934cf6e34d0c354a4cf1f516521bc3871f8ebc53f8f5da793f0a5b8176287324cb31aec411623efd92f2e5505de6a886529557d50672f9484c7b6a6b8e712a82a36ea1aa14e567f8a07152f316b00a903cd646c7080128d5f661e183ff3b930a59191eee17c86bc1bd14e37b9b530073 # # (C) Tenable Network Security, Inc. # include('compat.inc'); if (description) { script_id(124196); script_version("1.8"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/04/29"); script_cve_id("CVE-2018-0177"); script_xref(name:"CISCO-BUG-ID", value:"CSCvd80714"); script_xref(name:"CISCO-SA", value:"cisco-sa-20180328-ipv4"); script_name(english:"Cisco IOS XE Software for Cisco Catalyst Switches IPv4 Denial of Service Vulnerability"); script_summary(english:"Checks the version of Cisco IOS XE Software"); script_set_attribute(attribute:"synopsis", value: "The remote device is missing a vendor-supplied security patch"); script_set_attribute(attribute:"description", value: "According to its self-reported version, Cisco IOS XE Software is affected by a vulnerability in the IP Version 4 (IPv4) processing code of Cisco IOS XE Software running on Cisco Catalyst 3850 and Cisco Catalyst 3650 Series Switches could allow an unauthenticated, remote attacker to cause high CPU utilization, traceback messages, or a reload of an affected device that leads to a denial of service (DoS) condition. The vulnerability is due to incorrect processing of certain IPv4 packets. An attacker could exploit this vulnerability by sending specific IPv4 packets to an IPv4 address on an affected device. A successful exploit could allow the attacker to cause high CPU utilization, traceback messages, or a reload of the affected device that leads to a DoS condition. If the switch does not reboot when under attack, it would require manual intervention to reload the device."); # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-ipv4 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a61dfafd"); # https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvd80714 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?00b9b268"); script_set_attribute(attribute:"solution", value: "Upgrade to the relevant fixed version referenced in Cisco bug ID CSCvd80714"); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-0177"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/03/28"); script_set_attribute(attribute:"patch_publication_date", value:"2018/03/28"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/04/19"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ios_xe"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"CISCO"); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("cisco_ios_xe_version.nasl"); script_require_keys("Host/Cisco/IOS-XE/Version", "Host/Cisco/IOS-XE/Model"); exit(0); } include('cisco_workarounds.inc'); include('ccf.inc'); product_info = cisco::get_product_info(name:"Cisco IOS XE Software"); device_model = get_kb_item_or_exit('Host/Cisco/device_model'); model = get_kb_item('Host/Cisco/IOS-XE/Model'); if( device_model !~ 'cat' \|\| (model !~ '3850' && model !~ '3650')) audit(AUDIT_HOST_NOT, "affected"); version_list=make_list( '3.18.3bSP', '16.1.1', '16.1.2', '16.1.3', '16.2.1', '16.2.2', '16.3.1', '16.3.2', '16.3.3', '16.3.1a', '16.4.1', '16.4.2', '16.4.3', '16.5.1', '16.5.1b' ); reporting = make_array( 'port' , 0, 'severity' , SECURITY_HOLE, 'version' , product_info['version'], 'bug_id' , 'CSCvd80714' ); cisco::check_and_report(product_info:product_info, reporting:reporting, vuln_versions:version_list);

Summary

Vulnerable Configurations

Nessus

References