BDU:2019-00055

Published: 26 Sep 2018
Source: fstec
CVSS3: 7.4
CVSS2: 5.7
EPSS: Low

Description

A vulnerability in the per-VLAN errdisable feature of the Cisco IOS XE operating system is caused by concurrent execution using a shared resource with improper synchronization ("Race Condition"). Exploitation of the vulnerability could allow a remote attacker to cause the device to reload, resulting in a denial of service.

Vendor

Cisco Systems Inc.

Software name

Cisco IOS XE

Software version

3.6.5bE (Cisco IOS XE)
3.2.0JA (Cisco IOS XE)
3.7.0e (Cisco IOS XE)
3.7.1e (Cisco IOS XE)
3.7.2e (Cisco IOS XE)
3.7.4e (Cisco IOS XE)
3.7.5e (Cisco IOS XE)
3.7.3e (Cisco IOS XE)
3.2.0SE (Cisco IOS XE)
3.2.1SE (Cisco IOS XE)
3.2.2SE (Cisco IOS XE)
3.2.3SE (Cisco IOS XE)
3.3.0SE (Cisco IOS XE)
3.3.1SE (Cisco IOS XE)
3.3.2SE (Cisco IOS XE)
3.3.3SE (Cisco IOS XE)
3.3.4SE (Cisco IOS XE)
3.3.5SE (Cisco IOS XE)
3.3.0XO (Cisco IOS XE)
3.3.1XO (Cisco IOS XE)
3.3.2XO (Cisco IOS XE)
3.4.0SG (Cisco IOS XE)
3.4.2SG (Cisco IOS XE)
3.4.1SG (Cisco IOS XE)
3.4.3SG (Cisco IOS XE)
3.4.4SG (Cisco IOS XE)
3.4.5SG (Cisco IOS XE)
3.4.6SG (Cisco IOS XE)
3.4.7SG (Cisco IOS XE)
3.4.8SG (Cisco IOS XE)
3.5.0E (Cisco IOS XE)
3.5.1E (Cisco IOS XE)
3.5.2E (Cisco IOS XE)
3.5.3E (Cisco IOS XE)
3.6.0E (Cisco IOS XE)
3.6.1E (Cisco IOS XE)
3.6.0aE (Cisco IOS XE)
3.6.0bE (Cisco IOS XE)
3.6.2aE (Cisco IOS XE)
3.6.2E (Cisco IOS XE)
3.6.3E (Cisco IOS XE)
3.6.4E (Cisco IOS XE)
3.6.5E (Cisco IOS XE)
3.6.6E (Cisco IOS XE)
3.6.5aE (Cisco IOS XE)
3.6.7E (Cisco IOS XE)
3.6.7aE (Cisco IOS XE)
3.6.7bE (Cisco IOS XE)
3.8.0E (Cisco IOS XE)
3.8.1E (Cisco IOS XE)
3.8.2E (Cisco IOS XE)
3.8.3E (Cisco IOS XE)
3.8.4E (Cisco IOS XE)
3.8.5E (Cisco IOS XE)
3.8.5aE (Cisco IOS XE)
3.9.0E (Cisco IOS XE)
3.9.1E (Cisco IOS XE)
3.9.2E (Cisco IOS XE)
3.9.2bE (Cisco IOS XE)
3.10.0E (Cisco IOS XE)
3.2.1SG (Cisco IOS XE)
3.2.2SG (Cisco IOS XE)
3.2.3SG (Cisco IOS XE)
3.2.4SG (Cisco IOS XE)
3.2.5SG (Cisco IOS XE)
3.2.6SG (Cisco IOS XE)
3.2.7SG (Cisco IOS XE)
3.2.8SG (Cisco IOS XE)
3.2.9SG (Cisco IOS XE)
3.2.10SG (Cisco IOS XE)
3.2.11SG (Cisco IOS XE)
3.2.0XO (Cisco IOS XE)
3.3.0SG (Cisco IOS XE)
3.3.2SG (Cisco IOS XE)
3.3.1SG (Cisco IOS XE)
3.3.0SQ (Cisco IOS XE)
3.3.1SQ (Cisco IOS XE)
3.4.0SQ (Cisco IOS XE)
3.4.1SQ (Cisco IOS XE)
3.5.0SQ (Cisco IOS XE)
3.5.1SQ (Cisco IOS XE)
3.5.2SQ (Cisco IOS XE)
3.5.3SQ (Cisco IOS XE)
3.5.4SQ (Cisco IOS XE)
3.5.5SQ (Cisco IOS XE)
3.5.6SQ (Cisco IOS XE)
3.5.7SQ (Cisco IOS XE)

Software type

Operating system

Operating systems and hardware platforms

Cisco Systems Inc. Cisco IOS XE 3.6.5bE
Cisco Systems Inc. Cisco IOS XE 3.2.0JA
Cisco Systems Inc. Cisco IOS XE 3.7.0e
Cisco Systems Inc. Cisco IOS XE 3.7.1e
Cisco Systems Inc. Cisco IOS XE 3.7.2e
Cisco Systems Inc. Cisco IOS XE 3.7.4e
Cisco Systems Inc. Cisco IOS XE 3.7.5e
Cisco Systems Inc. Cisco IOS XE 3.7.3e
Cisco Systems Inc. Cisco IOS XE 3.2.0SE
Cisco Systems Inc. Cisco IOS XE 3.2.1SE
Cisco Systems Inc. Cisco IOS XE 3.2.2SE
Cisco Systems Inc. Cisco IOS XE 3.2.3SE
Cisco Systems Inc. Cisco IOS XE 3.3.0SE
Cisco Systems Inc. Cisco IOS XE 3.3.1SE
Cisco Systems Inc. Cisco IOS XE 3.3.2SE
Cisco Systems Inc. Cisco IOS XE 3.3.3SE
Cisco Systems Inc. Cisco IOS XE 3.3.4SE
Cisco Systems Inc. Cisco IOS XE 3.3.5SE
Cisco Systems Inc. Cisco IOS XE 3.3.0XO
Cisco Systems Inc. Cisco IOS XE 3.3.1XO
Cisco Systems Inc. Cisco IOS XE 3.3.2XO
Cisco Systems Inc. Cisco IOS XE 3.4.0SG
Cisco Systems Inc. Cisco IOS XE 3.4.2SG
Cisco Systems Inc. Cisco IOS XE 3.4.1SG
Cisco Systems Inc. Cisco IOS XE 3.4.3SG
Cisco Systems Inc. Cisco IOS XE 3.4.4SG
Cisco Systems Inc. Cisco IOS XE 3.4.5SG
Cisco Systems Inc. Cisco IOS XE 3.4.6SG
Cisco Systems Inc. Cisco IOS XE 3.4.7SG
Cisco Systems Inc. Cisco IOS XE 3.4.8SG
Cisco Systems Inc. Cisco IOS XE 3.5.0E
Cisco Systems Inc. Cisco IOS XE 3.5.1E
Cisco Systems Inc. Cisco IOS XE 3.5.2E
Cisco Systems Inc. Cisco IOS XE 3.5.3E
Cisco Systems Inc. Cisco IOS XE 3.6.0E
Cisco Systems Inc. Cisco IOS XE 3.6.1E
Cisco Systems Inc. Cisco IOS XE 3.6.0aE
Cisco Systems Inc. Cisco IOS XE 3.6.0bE
Cisco Systems Inc. Cisco IOS XE 3.6.2aE
Cisco Systems Inc. Cisco IOS XE 3.6.2E
Cisco Systems Inc. Cisco IOS XE 3.6.3E
Cisco Systems Inc. Cisco IOS XE 3.6.4E
Cisco Systems Inc. Cisco IOS XE 3.6.5E
Cisco Systems Inc. Cisco IOS XE 3.6.6E
Cisco Systems Inc. Cisco IOS XE 3.6.5aE
Cisco Systems Inc. Cisco IOS XE 3.6.7E
Cisco Systems Inc. Cisco IOS XE 3.6.7aE
Cisco Systems Inc. Cisco IOS XE 3.6.7bE
Cisco Systems Inc. Cisco IOS XE 3.8.0E
Cisco Systems Inc. Cisco IOS XE 3.8.1E
Cisco Systems Inc. Cisco IOS XE 3.8.2E
Cisco Systems Inc. Cisco IOS XE 3.8.3E
Cisco Systems Inc. Cisco IOS XE 3.8.4E
Cisco Systems Inc. Cisco IOS XE 3.8.5E
Cisco Systems Inc. Cisco IOS XE 3.8.5aE
Cisco Systems Inc. Cisco IOS XE 3.9.0E
Cisco Systems Inc. Cisco IOS XE 3.9.1E
Cisco Systems Inc. Cisco IOS XE 3.9.2E
Cisco Systems Inc. Cisco IOS XE 3.9.2bE
Cisco Systems Inc. Cisco IOS XE 3.10.0E
Cisco Systems Inc. Cisco IOS XE 3.2.1SG
Cisco Systems Inc. Cisco IOS XE 3.2.2SG
Cisco Systems Inc. Cisco IOS XE 3.2.3SG
Cisco Systems Inc. Cisco IOS XE 3.2.4SG
Cisco Systems Inc. Cisco IOS XE 3.2.5SG
Cisco Systems Inc. Cisco IOS XE 3.2.6SG
Cisco Systems Inc. Cisco IOS XE 3.2.7SG
Cisco Systems Inc. Cisco IOS XE 3.2.8SG
Cisco Systems Inc. Cisco IOS XE 3.2.9SG
Cisco Systems Inc. Cisco IOS XE 3.2.10SG
Cisco Systems Inc. Cisco IOS XE 3.2.11SG
Cisco Systems Inc. Cisco IOS XE 3.2.0XO
Cisco Systems Inc. Cisco IOS XE 3.3.0SG
Cisco Systems Inc. Cisco IOS XE 3.3.2SG
Cisco Systems Inc. Cisco IOS XE 3.3.1SG
Cisco Systems Inc. Cisco IOS XE 3.3.0SQ
Cisco Systems Inc. Cisco IOS XE 3.3.1SQ
Cisco Systems Inc. Cisco IOS XE 3.4.0SQ
Cisco Systems Inc. Cisco IOS XE 3.4.1SQ
Cisco Systems Inc. Cisco IOS XE 3.5.0SQ
Cisco Systems Inc. Cisco IOS XE 3.5.1SQ
Cisco Systems Inc. Cisco IOS XE 3.5.2SQ
Cisco Systems Inc. Cisco IOS XE 3.5.3SQ
Cisco Systems Inc. Cisco IOS XE 3.5.4SQ
Cisco Systems Inc. Cisco IOS XE 3.5.5SQ
Cisco Systems Inc. Cisco IOS XE 3.5.6SQ
Cisco Systems Inc. Cisco IOS XE 3.5.7SQ

Vulnerability severity level

Medium severity (CVSS 2.0 base score is 5.7)
High severity (CVSS 3.0 base score is 7.4)

Possible remediation measures

Update the software to a later version

Vulnerability status

Confirmed by the vendor

Exploit availability

Data is being clarified

Remediation information

Vulnerability fixed

Identifiers in other vulnerability description systems

EPSS: 0.00169 (percentile: 38%, Low)
CVSS3: 7.4 High
CVSS2: 5.7 Medium

Related vulnerabilities

CVSS3: 6.1
nvd
more than 7 years ago

A vulnerability in the errdisable per VLAN feature of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause the device to crash, leading to a denial of service (DoS) condition. The vulnerability is due to a race condition that occurs when the VLAN and port enter an errdisabled state, resulting in an incorrect state in the software. An attacker could exploit this vulnerability by sending frames that trigger the errdisable condition. A successful exploit could allow the attacker to cause the affected device to crash, leading to a DoS condition.

CVSS3: 6.1
github
more than 3 years ago

A vulnerability in the errdisable per VLAN feature of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause the device to crash, leading to a denial of service (DoS) condition. The vulnerability is due to a race condition that occurs when the VLAN and port enter an errdisabled state, resulting in an incorrect state in the software. An attacker could exploit this vulnerability by sending frames that trigger the errdisable condition. A successful exploit could allow the attacker to cause the affected device to crash, leading to a DoS condition.
