Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2018-0136

Опубликовано: 31 янв. 2018
Источник: nvd
CVSS3: 8.6
CVSS2: 7.8
EPSS Низкий

Описание

A vulnerability in the IPv6 subsystem of Cisco IOS XR Software Release 5.3.4 for the Cisco Aggregation Services Router (ASR) 9000 Series could allow an unauthenticated, remote attacker to trigger a reload of one or more Trident-based line cards, resulting in a denial of service (DoS) condition. The vulnerability is due to incorrect handling of IPv6 packets with a fragment header extension. An attacker could exploit this vulnerability by sending IPv6 packets designed to trigger the issue either to or through the Trident-based line card. A successful exploit could allow the attacker to trigger a reload of Trident-based line cards, resulting in a DoS during the period of time the line card takes to restart. This vulnerability affects Cisco Aggregation Services Router (ASR) 9000 Series when the following conditions are met: The router is running Cisco IOS XR Software Release 5.3.4, and the router has installed Trident-based line cards that have IPv6 configured. A software maintenance upgra

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:cisco:ios_xr:5.3.4:*:*:*:*:*:*:*

Одно из

cpe:2.3:h:cisco:asr_9001:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:asr_9006:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:asr_9010:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:asr_9904:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:asr_9906:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:asr_9910:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:asr_9912:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:asr_9922:-:*:*:*:*:*:*:*

EPSS

Процентиль: 80%
0.01379
Низкий

8.6 High

CVSS3

7.8 High

CVSS2

Дефекты

CWE-20
NVD-CWE-Other

Связанные уязвимости

github логотип

GHSA-4wcf-6qr4-2vx5

CVSS3: 8.6
github
больше 3 лет назад

A vulnerability in the IPv6 subsystem of Cisco IOS XR Software Release 5.3.4 for the Cisco Aggregation Services Router (ASR) 9000 Series could allow an unauthenticated, remote attacker to trigger a reload of one or more Trident-based line cards, resulting in a denial of service (DoS) condition. The vulnerability is due to incorrect handling of IPv6 packets with a fragment header extension. An attacker could exploit this vulnerability by sending IPv6 packets designed to trigger the issue either to or through the Trident-based line card. A successful exploit could allow the attacker to trigger a reload of Trident-based line cards, resulting in a DoS during the period of time the line card takes to restart. This vulnerability affects Cisco Aggregation Services Router (ASR) 9000 Series when the following conditions are met: The router is running Cisco IOS XR Software Release 5.3.4, and the router has installed Trident-based line cards that have IPv6 configured. A software maintenance up...

EPSS

Процентиль: 80%
0.01379
Низкий

8.6 High

CVSS3

7.8 High

CVSS2

Дефекты

CWE-20
NVD-CWE-Other