CVE-2018-0480

Sažetak

A vulnerability in the errdisable per VLAN feature of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause the device to crash, leading to a denial of service (DoS) condition. The vulnerability is due to a race condition that occurs when the VLAN and port enter an errdisabled state, resulting in an incorrect state in the software. An attacker could exploit this vulnerability by sending frames that trigger the errdisable condition. A successful exploit could allow the attacker to cause the affected device to crash, leading to a DoS condition.

Reference

http://www.securityfocus.com/bid/105400
http://www.securitytracker.com/id/1041737
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-errdisable

CVSS

Base:	5.7
Impact:	6.9
Exploitability:	5.5

Pristup

Vektor	Složenost	Autentikacija
ADJACENT_NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	NONE	COMPLETE

CVSS vektor

AV:A/AC:M/Au:N/C:N/I:N/A:C

Zadnje važnije ažuriranje

09-10-2019 - 23:32

Objavljeno

05-10-2018 - 14:29