CVE Vulnerability

CVE-2018-0286

A vulnerability in the netconf interface of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on affected system. The vulnerability is due to improper handling of malformed requests processed by the netconf process. An attacker could exploit this vulnerability by sending malicious requests to the affected software. An exploit could allow the attacker to cause the targeted process to restart, resulting in a DoS condition on the affected system. Cisco Bug IDs: CSCvg95792.

5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

Scope

5.3 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References
Link Resource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-iosxr Vendor Advisory
http://www.securitytracker.com/id/1040827 Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/104083 Third Party Advisory VDB Entry
Configurations

Configuration 1

cpe:2.3:o:cisco:ios_xr:6.5.1:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ios_xr:6.3.1:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ios_xr:6.3.2:*:*:*:*:*:*:*
Information

Published : 2018-05-02 10:29

Updated : 2020-09-09 03:10

NVD link : CVE-2018-0286

Mitre link : CVE-2018-0286

Products Affected
No products.
CWE
CWE-755