CVE-2018-0173
Last modified
CVE-2018-0173 is a high-severity vulnerability rated 8.6/10 on the CVSS scale. A vulnerability in the Cisco IOS Software and Cisco IOS XE Software function that restores encapsulated option 82 information in DHCP Version 4 (DHCPv4) packets could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a Relay Reply denial of service (DoS) condition. The vulnerability exists because the affected software performs incomplete input validation of encapsulated option 82 information that it receives in DHCPOFFER messages from DHCPv4 servers. CISA has confirmed active exploitation in the wild. EPSS estimates a 7.61% chance of exploitation in the next 30 days.
Description
A vulnerability in the Cisco IOS Software and Cisco IOS XE Software function that restores encapsulated option 82 information in DHCP Version 4 (DHCPv4) packets could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a Relay Reply denial of service (DoS) condition. The vulnerability exists because the affected software performs incomplete input validation of encapsulated option 82 information that it receives in DHCPOFFER messages from DHCPv4 servers. An attacker could exploit this vulnerability by sending a crafted DHCPv4 packet to an affected device, which the device would then forward to a DHCPv4 server. When the affected software processes the option 82 information that is encapsulated in the response from the server, an error could occur. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Cisco Bug IDs: CSCvg62754.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Exploitation Status
This vulnerability is listed in CISA’s Known Exploited Vulnerabilities catalog, confirming active exploitation in the wild. Federal agencies must remediate by .
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Ios | denali-16.3.4 |
| Cisco | Ios Xe | denali-16.3.4 |
| Cisco | Ios | <= 15.2\(6\)e0a |
| Cisco | Ios Xe | <= 15.2\(6\)e0a |
| Cisco | Ios | <= 15.2\(4a\)ea5 |
| Cisco | Ios Xe | <= 15.2\(4a\)ea5 |
References
- http://www.securityfocus.com/bid/103545Broken Link, Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1040591Broken Link, Third Party Advisory, VDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSA-18-107-04Third Party Advisory, US Government Resource
- https://ics-cert.us-cert.gov/advisories/ICSA-18-107-05Third Party Advisory, US Government Resource
- https://www.tenable.com/security/research/tra-2018-06Third Party Advisory
- http://www.securityfocus.com/bid/103545Broken Link, Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1040591Broken Link, Third Party Advisory, VDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSA-18-107-04Third Party Advisory, US Government Resource
- https://ics-cert.us-cert.gov/advisories/ICSA-18-107-05Third Party Advisory, US Government Resource
- https://www.tenable.com/security/research/tra-2018-06Third Party Advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-0173US Government Resource
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2018-0173?
How severe is CVE-2018-0173?
How do I fix CVE-2018-0173?
Are you affected by CVE-2018-0173?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST