CVE-2018-0369

Severity
8.6 HIGH
EPSS
1.3%
top 20.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Jul 16
Latest update: May 13

Description

A vulnerability in the reassembly logic for fragmented IPv4 packets of Cisco StarOS running on virtual platforms could allow an unauthenticated, remote attacker to trigger a reload of the npusim process, resulting in a denial of service (DoS) condition. There are four instances of the npusim process running per Service Function (SF) instance, each handling a subset of all traffic flowing across the device. It is possible to trigger a reload of all four instances of the npusim process around the

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 4.0

Affected Packages (2 packages)

NVD: cisco/staros 21.321.3.15+2
CVEListV5: cisco_staros_unknown, Cisco StarOS unknown

Vulnerability Details (2)

GHSA
GHSA-cmmh-whh8-pwmv (2022-05-13): A vulnerability in the reassembly logic for fragmented IPv4 packets of Cisco StarOS running on virtual platforms could allow an unauthenticated, remot
CVEList
CVE-2018-0369 (2018-07-16): A vulnerability in the reassembly logic for fragmented IPv4 packets of Cisco StarOS running on virtual platforms could allow an unauthenticated, remot

Vendor Advisories (1)

Cisco
Cisco StarOS IPv4 Fragmentation Denial of Service Vulnerability (2018-07-11)
CVE-2018-0369 (HIGH CVSS 8.6) | A vulnerability in the reassembly l | cvebase.io