CVE-2018-0471

Sažetak

A vulnerability in the Cisco Discovery Protocol (CDP) module of Cisco IOS XE Software Releases 16.6.1 and 16.6.2 could allow an unauthenticated, adjacent attacker to cause a memory leak that may lead to a denial of service (DoS) condition. The vulnerability is due to incorrect processing of certain CDP packets. An attacker could exploit this vulnerability by sending certain CDP packets to an affected device. A successful exploit could cause an affected device to continuously consume memory and eventually result in a memory allocation failure that leads to a crash, triggering a reload of the affected device.

Reference

http://www.securityfocus.com/bid/105398
http://www.securitytracker.com/id/1041737
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-cdp-memleak

CVSS

Base:	6.1
Impact:	6.9
Exploitability:	6.5

Pristup

Vektor	Složenost	Autentikacija
ADJACENT_NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	NONE	COMPLETE

CVSS vektor

AV:A/AC:L/Au:N/C:N/I:N/A:C

Zadnje važnije ažuriranje

07-12-2020 - 21:05

Objavljeno

05-10-2018 - 14:29