CVE-2018-0136 — Improper Input Validation in Cisco IOS XR

CWE-20 — Improper Input Validation4 documents4 sources

Severity

8.6HIGHNVD

EPSS

1.4%

top 19.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco IOS XR

Timeline

PublishedJan 31

Latest updateMay 13

Description

A vulnerability in the IPv6 subsystem of Cisco IOS XR Software Release 5.3.4 for the Cisco Aggregation Services Router (ASR) 9000 Series could allow an unauthenticated, remote attacker to trigger a reload of one or more Trident-based line cards, resulting in a denial of service (DoS) condition. The vulnerability is due to incorrect handling of IPv6 packets with a fragment header extension. An attacker could exploit this vulnerability by sending IPv6 packets designed to trigger the issue either t…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:HExploitability: 3.9 | Impact: 4.0

Affected Packages1 packages

▶NVDcisco/ios_xr5.3.4

Patches

Patch: tools.cisco.com ↗Patch: tools.cisco.com ↗

🔴Vulnerability Details

GHSA

GHSA-4wcf-6qr4-2vx5: A vulnerability in the IPv6 subsystem of Cisco IOS XR Software Release 5↗2022-05-13

▶

CVEList

CVE-2018-0136: A vulnerability in the IPv6 subsystem of Cisco IOS XR Software Release 5↗2018-01-31

▶

📋Vendor Advisories

Cisco

Cisco Aggregation Services Router 9000 Series IPv6 Fragment Header Denial of Service Vulnerability↗2018-02-01

▶