CVE-2018-0480Race Condition in Cisco IOS XE Software

CWE-362Race Condition6 documents5 sources
Severity
6.1MEDIUMNVD
EPSS
0.2%
top 61.86%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco IOS XE SoftwareCisco IOS XE
Timeline
PublishedOct 5
Latest updateMay 13

Description

A vulnerability in the errdisable per VLAN feature of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause the device to crash, leading to a denial of service (DoS) condition. The vulnerability is due to a race condition that occurs when the VLAN and port enter an errdisabled state, resulting in an incorrect state in the software. An attacker could exploit this vulnerability by sending frames that trigger the errdisable condition. A successful exploit could allow the

CVSS vector

CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:HExploitability: 1.6 | Impact: 4.0

Affected Packages2 packages

NVDcisco/ios_xe3.6\(5\)

🔴Vulnerability Details

2
GHSA
GHSA-2q4r-gmc8-6577: A vulnerability in the errdisable per VLAN feature of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause the device to c2022-05-13
CVEList
Cisco IOS XE Software Errdisable Denial of Service Vulnerability2018-10-05

📋Vendor Advisories

1
Cisco
Cisco IOS XE Software Errdisable Denial of Service Vulnerability2018-09-26

💬Community

2
Bugzilla
CVE-2018-1048 undertow: ALLOW_ENCODED_SLASH option not taken into account in the AjpRequestParser2018-01-15
Bugzilla
CVE-2017-12196 undertow: Client can use bogus uri in Digest authentication2017-10-17
CVE-2018-0480 — Race Condition in Cisco IOS XE Software | cvebase