CVE-2018-0189
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
28/03/2018
Last modified:
09/10/2019
Description
A vulnerability in the Forwarding Information Base (FIB) code of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, network attacker to cause a denial of service (DoS) condition. The vulnerability is due to a limitation in the way the FIB is internally representing recursive routes. An attacker could exploit this vulnerability by injecting routes into the routing protocol that have a specific recursive pattern. The attacker must be in a position on the network that provides the ability to inject a number of recursive routes with a specific pattern. An exploit could allow the attacker to cause an affected device to reload, creating a DoS condition. Cisco Bug IDs: CSCva91655.
Impact
Base Score 3.x
5.30
Severity 3.x
MEDIUM
Base Score 2.0
7.10
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:* | 15.5\(3\)s5 (excluding) | |
| cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:* | 15.5\(3\)m5 (excluding) | |
| cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:* | 15.4\(3\)s7 (excluding) | |
| cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:* | 15.4\(2\)s1 (excluding) | |
| cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:* | 15.4\(1\)s1 (excluding) | |
| cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:* | 15.4\(1\)s0a (excluding) | |
| cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:* | 15.2\(5\)e1 (excluding) | |
| cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:* | 15.2\(4\)e5 (excluding) | |
| cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:* | 15.2\(2\)e1 (excluding) | |
| cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:* | 15.2\(1\)e1 (excluding) |
To consult the complete list of CPE names with products and versions, see this page