MEDIUM✓ PATCH🇬🇧 English

CVE-2018-0282

CVSS 6.8v3.1pub. 2019-01-10upd. 2024-11-21

A vulnerability in the TCP socket code of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a state condition between the socket state and the transmission control block (TCB) state. While this vulnerability potentially affects all TCP applications, the only affected application observed so far is the HTTP server. An attacker could exploit this vulnerability by sending specific HTTP requests at a sustained rate to a reachable IP address of the affected software. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition on an affected device.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H
  • Cisco Catalyst 2960c 12pc L

    HW
    Cisco
    wszystkie wersje
  • Cisco Catalyst 2960c 8pc L

    HW
    Cisco
    wszystkie wersje
  • Cisco Catalyst 2960c 8tc L

    HW
    Cisco
    wszystkie wersje
  • Cisco Catalyst 2960c 8tc S

    HW
    Cisco
    wszystkie wersje
  • Cisco Catalyst 2960cg 8tc L

    HW
    Cisco
    wszystkie wersje
  • Cisco Catalyst 2960cpd 8pt L

    HW
    Cisco
    wszystkie wersje
  • Cisco Catalyst 2960cpd 8tt L

    HW
    Cisco
    wszystkie wersje
  • Cisco Catalyst 2960 Plus 24lc L

    HW
    Cisco
    wszystkie wersje
  • Cisco Catalyst 2960 Plus 24lc S

    HW
    Cisco
    wszystkie wersje
  • Cisco Catalyst 2960 Plus 24pc L

    HW
    Cisco
    wszystkie wersje
  • Cisco Catalyst 2960 Plus 24pc S

    HW
    Cisco
    wszystkie wersje
  • Cisco Catalyst 2960 Plus 24tc L

    HW
    Cisco
    wszystkie wersje
  • Cisco Catalyst 2960 Plus 24tc S

    HW
    Cisco
    wszystkie wersje
  • Cisco Catalyst 2960 Plus 48pst L

    HW
    Cisco
    wszystkie wersje
  • Cisco Catalyst 2960 Plus 48pst S

    HW
    Cisco
    wszystkie wersje
  • Cisco Catalyst 2960 Plus 48tc L

    HW
    Cisco
    wszystkie wersje
  • Cisco Catalyst 2960 Plus 48tc S

    HW
    Cisco
    wszystkie wersje
  • Cisco Catalyst 2960s 24pd L

    HW
    Cisco
    wszystkie wersje
  • Cisco Catalyst 2960s 24ps L

    HW
    Cisco
    wszystkie wersje
  • Cisco Catalyst 2960s 24td L

    HW
    Cisco
    wszystkie wersje
  • Cisco Catalyst 2960s 24ts L

    HW
    Cisco
    wszystkie wersje
  • Cisco Catalyst 2960s 48fpd L

    HW
    Cisco
    wszystkie wersje
  • Cisco Catalyst 2960s 48fps L

    HW
    Cisco
    wszystkie wersje
  • Cisco Catalyst 2960s 48lpd L

    HW
    Cisco
    wszystkie wersje
  • Cisco Catalyst 2960s 48lps L

    HW
    Cisco
    wszystkie wersje
  • Cisco Catalyst 2960s 48td L

    HW
    Cisco
    wszystkie wersje
  • Cisco Catalyst 2960s 48ts L

    HW
    Cisco
    wszystkie wersje
  • Cisco Catalyst 2960s 48ts S

    HW
    Cisco
    wszystkie wersje
  • Cisco Catalyst 2960s F24ps L

    HW
    Cisco
    wszystkie wersje
  • Cisco Catalyst 2960s F24ts L

    HW
    Cisco
    wszystkie wersje
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Tagi
DoS
CWE
Referencje

Powiązane podatności

CVE-2023-20198CRITICAL10.0⚠ KEVten sam produkt

Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in...

CVE-2018-0151CRITICAL9.8⚠ KEVten sam produkt

A vulnerability in the quality of service (QoS) subsystem of Cisco IOS Software and Cisco IOS XE Software coul...

CVE-2018-0171CRITICAL9.8⚠ KEVten sam produkt

A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an un...

CVE-2017-12240CRITICAL9.8⚠ KEVten sam produkt

The DHCP relay subsystem of Cisco IOS 12.2 through 15.6 and Cisco IOS XE Software contains a vulnerability tha...

CVE-2017-3881CRITICAL9.8⚠ KEVten sam produkt

A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE S...