CVE-2018-0286: Improper Handling of Exceptional Conditions in Cisco IOS XR

Severity: 5.3 MEDIUM (NVD)
EPSS: 0.8% (top 25.57%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: May 2
Latest update: May 13

Description

A vulnerability in the netconf interface of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected system. The vulnerability is due to improper handling of malformed requests processed by the netconf process. An attacker could exploit this vulnerability by sending malicious requests to the affected software. An exploit could allow the attacker to cause the targeted process to restart, resulting in a DoS condition on the affe

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Exploitability: 3.9 | Impact: 1.4

Affected Packages (1 package)

NVD: cisco/ios_xr 6.3.1, 6.3.2, 6.5.1 +2

🔴 Vulnerability Details (2)
GHSA
GHSA-fcp3-vvv6-vhfh: A vulnerability in the netconf interface of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) c | 2022-05-13
CVEList
CVE-2018-0286: A vulnerability in the netconf interface of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) c | 2018-05-02

📋 Vendor Advisories (1)
Cisco
Cisco IOS XR Software netconf Denial of Service Vulnerability | 2018-05-02