CVE-2018-0189
published 2018-03-28CVE-2018-0189: A vulnerability in the Forwarding Information Base (FIB) code of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, network attacker…
medium5.3CVSS 3.0
AVNACHPRLUINSUCNINAH
A vulnerability in the Forwarding Information Base (FIB) code of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, network attacker to cause a denial of service (DoS) condition. The vulnerability is due to a limitation in the way the FIB is internally representing recursive routes. An attacker could exploit this vulnerability by injecting routes into the routing protocol that have a specific recursive pattern. The attacker must be in a position on the network that provides the ability to inject a number of recursive routes with a specific pattern. An exploit could allow the attacker to cause an affected device to reload, creating a DoS condition. Cisco Bug IDs: CSCva91655.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | ios_and_ios_xe | — | — |
| cisco | ios_xe | < 15.5\(3\)s5 | 15.5\(3\)s5 |
| cisco | ios_xe | < 15.5\(3\)m5 | 15.5\(3\)m5 |
| cisco | ios_xe | < 15.4\(3\)s7 | 15.4\(3\)s7 |
| cisco | ios_xe | < 15.4\(2\)s1 | 15.4\(2\)s1 |
| cisco | ios_xe | < 15.4\(1\)s1 | 15.4\(1\)s1 |
| cisco | ios_xe | < 15.4\(1\)s0a | 15.4\(1\)s0a |
| cisco | ios_xe | < 15.2\(5\)e1 | 15.2\(5\)e1 |
| cisco | ios_xe | < 15.2\(4\)e5 | 15.2\(4\)e5 |
| cisco | ios_xe | < 15.2\(2\)e1 | 15.2\(2\)e1 |
| cisco | ios_xe | < 15.2\(1\)e1 | 15.2\(1\)e1 |