Vulnerability Name: CVE-2018-0155 (CCN-140916) Assigned: 2017-11-27 Published: 2018-03-28 Updated: 2020-09-04 Summary: A vulnerability in the Bidirectional Forwarding Detection (BFD) offload implementation of Cisco Catalyst 4500 Series Switches and Cisco Catalyst 4500-X Series Switches could allow an unauthenticated, remote attacker to cause a crash of the iosd process, causing a denial of service (DoS) condition. The vulnerability is due to insufficient error handling when the BFD header in a BFD packet is incomplete. An attacker could exploit this vulnerability by sending a crafted BFD message to or across an affected switch. A successful exploit could allow the attacker to trigger a reload of the system. This vulnerability affects Catalyst 4500 Supervisor Engine 6-E (K5), Catalyst 4500 Supervisor Engine 6L-E (K10), Catalyst 4500 Supervisor Engine 7-E (K10), Catalyst 4500 Supervisor Engine 7L-E (K10), Catalyst 4500E Supervisor Engine 8-E (K10), Catalyst 4500E Supervisor Engine 8L-E (K10), Catalyst 4500E Supervisor Engine 9-E (K10), Catalyst 4500-X Series Switches (K10), Catalyst 4900M Switch (K5), Catalyst 4948E Ethernet Switch (K5). Cisco Bug IDs: CSCvc40729. CVSS v3 Severity: 8.6 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H 7.5 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): ChangedImpact Metrics: Confidentiality (C): NoneIntegrity (I): NoneAvailibility (A): High
8.6 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H 7.5 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): ChangedImpact Metrics: Confidentiality (C): NoneIntegrity (I): NoneAvailibility (A): High
CVSS v2 Severity: 7.8 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAuthentication (Au): NoneImpact Metrics: Confidentiality (C): NoneIntegrity (I): NoneAvailibility (A): Complete
7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAthentication (Au): NoneImpact Metrics: Confidentiality (C): NoneIntegrity (I): NoneAvailibility (A): Complete
Vulnerability Type: CWE-755 Vulnerability Consequences: Denial of Service References: Source: MITRECVE-2018-0155 103565 Cisco IOS and IOS XE Software CVE-2018-0155 Denial of Service Vulnerability 1040587 cisco-bfd-cve20180155-dos(140916) https://ics-cert.us-cert.gov/advisories/ICSA-18-107-05 Cisco IOS and IOS XE Software Bidirectional Forwarding Detection Denial of Service Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-bfd KNOWN EXPLOITED VULNERABILITIES CATALOG Vulnerable Configuration: Configuration 1 :cpe:/o:cisco:ios:3.6(2)e:*:*:*:*:*:*:* OR cpe:/o:cisco:ios_xe:3.6(2)e:*:*:*:*:*:*:* AND cpe:/h:cisco:catalyst_4500-x_series_switches_(k10):-:*:*:*:*:*:*:* OR cpe:/h:cisco:catalyst_4500_supervisor_engine_6-e_(k5):-:*:*:*:*:*:*:* OR cpe:/h:cisco:catalyst_4500_supervisor_engine_6l-e_(k10):-:*:*:*:*:*:*:* OR cpe:/h:cisco:catalyst_4500_supervisor_engine_7-e_(k10):-:*:*:*:*:*:*:* OR cpe:/h:cisco:catalyst_4500_supervisor_engine_7l-e_(k10):-:*:*:*:*:*:*:* OR cpe:/h:cisco:catalyst_4500e_supervisor_engine_8-e_(k10):-:*:*:*:*:*:*:* OR cpe:/h:cisco:catalyst_4500e_supervisor_engine_8l-e_(k10):-:*:*:*:*:*:*:* OR cpe:/h:cisco:catalyst_4500e_supervisor_engine_9-e_(k10):-:*:*:*:*:*:*:* OR cpe:/h:cisco:catalyst_4900m_switch_(k5):-:*:*:*:*:*:*:* OR cpe:/h:cisco:catalyst_4948e_ethernet_switch_(k5):-:*:*:*:*:*:*:* Configuration 2 :cpe:/o:cisco:ios:3.6(2)e:*:*:*:*:*:*:* OR cpe:/o:cisco:ios_xe:3.6(2)e:*:*:*:*:*:*:* AND cpe:/h:rockwellautomation:allen-bradley_stratix_8300_industrial_managed_ethernet_switch:-:*:*:*:*:*:*:* Configuration CCN 1 :cpe:/a:oracle:cisco_ios_xe_software:16.2.1:*:*:*:*:*:*:* OR cpe:/h:cisco:catalyst_4500_supervisor_engine_6-e:-:*:*:*:*:*:*:* OR cpe:/h:cisco:catalyst_4500_supervisor_engine_6l-e:-:*:*:*:*:*:*:* OR cpe:/h:cisco:catalyst_4948e_ethernet_switch:-:*:*:*:*:*:*:* OR cpe:/h:cisco:catalyst_4500e_supervisor_engine_8-e:-:*:*:*:*:*:*:* BACK
cisco ios 3.6(2)e
cisco ios xe 3.6(2)e
cisco catalyst 4500-x series switches (k10) -
cisco catalyst 4500 supervisor engine 6-e (k5) -
cisco catalyst 4500 supervisor engine 6l-e (k10) -
cisco catalyst 4500 supervisor engine 7-e (k10) -
cisco catalyst 4500 supervisor engine 7l-e (k10) -
cisco catalyst 4500e supervisor engine 8-e (k10) -
cisco catalyst 4500e supervisor engine 8l-e (k10) -
cisco catalyst 4500e supervisor engine 9-e (k10) -
cisco catalyst 4900m switch (k5) -
cisco catalyst 4948e ethernet switch (k5) -
cisco ios 3.6(2)e
cisco ios xe 3.6(2)e
rockwellautomation allen-bradley stratix 8300 industrial managed ethernet switch -
oracle cisco ios xe software 16.2.1
cisco catalyst 4500 supervisor engine 6-e -
cisco catalyst 4500 supervisor engine 6l-e -
cisco catalyst 4948e ethernet switch -
cisco catalyst 4500e supervisor engine 8-e -
Denotes that component is vulnerable