cnvd - cnvd-2018-04722

CNVD-2018-04722

Vulnerability from cnvd - Published: 2018-03-09

Title

Cisco Aggregation Services Router 9000 Series Cisco IOS XR Software拒绝服务漏洞

Description

Cisco Aggregation Services Router（ASR）9000 Series是美国思科（Cisco）公司的9000系列无线控制器产品。Cisco IOS XR Software是其中的一套模块化、分布式的网络操作系统。 Cisco Aggregation Services Router (ASR) 9000 Series中的Cisco IOS XR Software 5.3.4版本的IPv6子系统存在拒绝服务漏洞，该漏洞源于程序未能正确的处理IPv6数据包。当路由器安装有基于Trident的线卡并配置有IPv6，远程攻击者可通过发送IPv6数据包利用该漏洞造成拒绝服务（重启）。

Severity

高

Patch Name

Cisco Aggregation Services Router 9000 Series Cisco IOS XR Software拒绝服务漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvg46800

Reference

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180131-ipv6

Impacted products

Name
['Cisco IOS XR Software 5.3.4', 'Cisco ASR 9000 Series Aggregation Services Routers 0', 'Cisco ASR 9922 Router 0', 'Cisco ASR 9912 Router 0', 'Cisco ASR 9904 Router 0', 'Cisco ASR 9010 Router 0', 'Cisco ASR 9006 Router 0', 'Cisco ASR 9001 Router 0']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "102905"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-0136"
    }
  },
  "description": "Cisco Aggregation Services Router\uff08ASR\uff099000 Series\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u76849000\u7cfb\u5217\u65e0\u7ebf\u63a7\u5236\u5668\u4ea7\u54c1\u3002Cisco IOS XR Software\u662f\u5176\u4e2d\u7684\u4e00\u5957\u6a21\u5757\u5316\u3001\u5206\u5e03\u5f0f\u7684\u7f51\u7edc\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nCisco Aggregation Services Router (ASR) 9000 Series\u4e2d\u7684Cisco IOS XR Software 5.3.4\u7248\u672c\u7684IPv6\u5b50\u7cfb\u7edf\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u7684\u5904\u7406IPv6\u6570\u636e\u5305\u3002\u5f53\u8def\u7531\u5668\u5b89\u88c5\u6709\u57fa\u4e8eTrident\u7684\u7ebf\u5361\u5e76\u914d\u7f6e\u6709IPv6\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u53d1\u9001IPv6\u6570\u636e\u5305\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff08\u91cd\u542f\uff09\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://bst.cloudapps.cisco.com/bugsearch/bug/CSCvg46800",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-04722",
  "openTime": "2018-03-09",
  "patchDescription": "Cisco Aggregation Services Router\uff08ASR\uff099000 Series\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u76849000\u7cfb\u5217\u65e0\u7ebf\u63a7\u5236\u5668\u4ea7\u54c1\u3002Cisco IOS XR Software\u662f\u5176\u4e2d\u7684\u4e00\u5957\u6a21\u5757\u5316\u3001\u5206\u5e03\u5f0f\u7684\u7f51\u7edc\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nCisco Aggregation Services Router (ASR) 9000 Series\u4e2d\u7684Cisco IOS XR Software 5.3.4\u7248\u672c\u7684IPv6\u5b50\u7cfb\u7edf\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u7684\u5904\u7406IPv6\u6570\u636e\u5305\u3002\u5f53\u8def\u7531\u5668\u5b89\u88c5\u6709\u57fa\u4e8eTrident\u7684\u7ebf\u5361\u5e76\u914d\u7f6e\u6709IPv6\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u53d1\u9001IPv6\u6570\u636e\u5305\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff08\u91cd\u542f\uff09\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco Aggregation Services Router 9000 Series Cisco IOS XR Software\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Cisco IOS XR Software 5.3.4",
      "Cisco ASR 9000 Series Aggregation Services Routers 0",
      "Cisco ASR 9922 Router 0",
      "Cisco ASR 9912 Router 0",
      "Cisco ASR 9904 Router 0",
      "Cisco ASR 9010 Router 0",
      "Cisco ASR 9006 Router 0",
      "Cisco ASR 9001 Router 0"
    ]
  },
  "referenceLink": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180131-ipv6",
  "serverity": "\u9ad8",
  "submitTime": "2018-02-02",
  "title": "Cisco Aggregation Services Router 9000 Series Cisco IOS XR Software\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}

CVE-2018-0136 (GCVE-0-2018-0136)

Vulnerability from cvelistv5 – Published: 2018-01-31 20:00 – Updated: 2024-12-02 21:24

Summary

A vulnerability in the IPv6 subsystem of Cisco IOS XR Software Release 5.3.4 for the Cisco Aggregation Services Router (ASR) 9000 Series could allow an unauthenticated, remote attacker to trigger a reload of one or more Trident-based line cards, resulting in a denial of service (DoS) condition. The vulnerability is due to incorrect handling of IPv6 packets with a fragment header extension. An attacker could exploit this vulnerability by sending IPv6 packets designed to trigger the issue either to or through the Trident-based line card. A successful exploit could allow the attacker to trigger a reload of Trident-based line cards, resulting in a DoS during the period of time the line card takes to restart. This vulnerability affects Cisco Aggregation Services Router (ASR) 9000 Series when the following conditions are met: The router is running Cisco IOS XR Software Release 5.3.4, and the router has installed Trident-based line cards that have IPv6 configured. A software maintenance upgrade (SMU) has been made available that addresses this vulnerability. The fix has also been incorporated into service pack 7 for Cisco IOS XR Software Release 5.3.4. Cisco Bug IDs: CSCvg46800.

Severity ?

No CVSS data available.

CWE

CWE-20

Assigner

cisco

References

URL

Tags

	http://www.securityfocus.com/bid/102905	vdb-entryx_refsource_BID
	https://tools.cisco.com/security/center/content/C…	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1040315	vdb-entryx_refsource_SECTRACK

Impacted products

	Vendor	Product	Version
	n/a	Cisco Aggregation Services Router 9000 Series	Affected: Cisco Aggregation Services Router 9000 Series

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:14:16.885Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "102905",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102905"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180131-ipv6"
          },
          {
            "name": "1040315",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040315"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2018-0136",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-02T19:11:34.315844Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-02T21:24:47.666Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Aggregation Services Router 9000 Series",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Cisco Aggregation Services Router 9000 Series"
            }
          ]
        }
      ],
      "datePublic": "2018-01-31T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the IPv6 subsystem of Cisco IOS XR Software Release 5.3.4 for the Cisco Aggregation Services Router (ASR) 9000 Series could allow an unauthenticated, remote attacker to trigger a reload of one or more Trident-based line cards, resulting in a denial of service (DoS) condition. The vulnerability is due to incorrect handling of IPv6 packets with a fragment header extension. An attacker could exploit this vulnerability by sending IPv6 packets designed to trigger the issue either to or through the Trident-based line card. A successful exploit could allow the attacker to trigger a reload of Trident-based line cards, resulting in a DoS during the period of time the line card takes to restart. This vulnerability affects Cisco Aggregation Services Router (ASR) 9000 Series when the following conditions are met: The router is running Cisco IOS XR Software Release 5.3.4, and the router has installed Trident-based line cards that have IPv6 configured. A software maintenance upgrade (SMU) has been made available that addresses this vulnerability. The fix has also been incorporated into service pack 7 for Cisco IOS XR Software Release 5.3.4. Cisco Bug IDs: CSCvg46800."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-02-03T10:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "102905",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102905"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180131-ipv6"
        },
        {
          "name": "1040315",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040315"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2018-0136",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Aggregation Services Router 9000 Series",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Cisco Aggregation Services Router 9000 Series"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the IPv6 subsystem of Cisco IOS XR Software Release 5.3.4 for the Cisco Aggregation Services Router (ASR) 9000 Series could allow an unauthenticated, remote attacker to trigger a reload of one or more Trident-based line cards, resulting in a denial of service (DoS) condition. The vulnerability is due to incorrect handling of IPv6 packets with a fragment header extension. An attacker could exploit this vulnerability by sending IPv6 packets designed to trigger the issue either to or through the Trident-based line card. A successful exploit could allow the attacker to trigger a reload of Trident-based line cards, resulting in a DoS during the period of time the line card takes to restart. This vulnerability affects Cisco Aggregation Services Router (ASR) 9000 Series when the following conditions are met: The router is running Cisco IOS XR Software Release 5.3.4, and the router has installed Trident-based line cards that have IPv6 configured. A software maintenance upgrade (SMU) has been made available that addresses this vulnerability. The fix has also been incorporated into service pack 7 for Cisco IOS XR Software Release 5.3.4. Cisco Bug IDs: CSCvg46800."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "102905",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/102905"
            },
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180131-ipv6",
              "refsource": "CONFIRM",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180131-ipv6"
            },
            {
              "name": "1040315",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040315"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2018-0136",
    "datePublished": "2018-01-31T20:00:00",
    "dateReserved": "2017-11-27T00:00:00",
    "dateUpdated": "2024-12-02T21:24:47.666Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2018-04722

CVE-2018-0136 (GCVE-0-2018-0136)

Tags

Sightings

Nomenclature