HIGH🚩 CISA KEV⚡ EXPLOIT✓ PATCH🇵🇱 Wersja polska

CVE-2018-0155

CVSS 8.6v3.1pub. 2018-03-28upd. 2026-01-13

A vulnerability in the Bidirectional Forwarding Detection (BFD) offload implementation of Cisco Catalyst 4500 Series Switches and Cisco Catalyst 4500-X Series Switches could allow an unauthenticated, remote attacker to cause a crash of the iosd process, causing a denial of service (DoS) condition. The vulnerability is due to insufficient error handling when the BFD header in a BFD packet is incomplete. An attacker could exploit this vulnerability by sending a crafted BFD message to or across an affected switch. A successful exploit could allow the attacker to trigger a reload of the system. This vulnerability affects Catalyst 4500 Supervisor Engine 6-E (K5), Catalyst 4500 Supervisor Engine 6L-E (K10), Catalyst 4500 Supervisor Engine 7-E (K10), Catalyst 4500 Supervisor Engine 7L-E (K10), Catalyst 4500E Supervisor Engine 8-E (K10), Catalyst 4500E Supervisor Engine 8L-E (K10), Catalyst 4500E Supervisor Engine 9-E (K10), Catalyst 4500-X Series Switches (K10), Catalyst 4900M Switch (K5), Catalyst 4948E Ethernet Switch (K5). Cisco Bug IDs: CSCvc40729.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
  • Cisco Catalyst 4500e Supervisor Engine 8 E \(k10\)

    HW
    Cisco
    wszystkie wersje
  • Cisco Catalyst 4500e Supervisor Engine 8l E \(k10\)

    HW
    Cisco
    wszystkie wersje
  • Cisco Catalyst 4500e Supervisor Engine 9 E \(k10\)

    HW
    Cisco
    wszystkie wersje
  • Cisco Catalyst 4500 Supervisor Engine 6 E \(k5\)

    HW
    Cisco
    wszystkie wersje
  • Cisco Catalyst 4500 Supervisor Engine 6l E \(k10\)

    HW
    Cisco
    wszystkie wersje
  • Cisco Catalyst 4500 Supervisor Engine 7 E \(k10\)

    HW
    Cisco
    wszystkie wersje
  • Cisco Catalyst 4500 Supervisor Engine 7l E \(k10\)

    HW
    Cisco
    wszystkie wersje
  • Cisco Catalyst 4500 X Series Switches \(k10\)

    HW
    Cisco
    wszystkie wersje
  • Cisco Catalyst 4900m Switch \(k5\)

    HW
    Cisco
    wszystkie wersje
  • Cisco Catalyst 4948e Ethernet Switch \(k5\)

    HW
    Cisco
    wszystkie wersje
  • Cisco IOS

    OS
    Cisco
    3.6\(2\)e
  • Cisco IOS XE

    OS
    Cisco
    3.6\(2\)e
  • Rockwellautomation Allen Bradley Stratix 8300 Industrial Managed Ethernet Switch

    HW
    Rockwellautomation
    wszystkie wersje

CISA KEV — detailsi

Vendori
Cisco
Producti
Catalyst 4500 Series Switches and Cisco Catalyst 4500-X Series Switches
Added to KEVi
March 3, 2022
Remediation deadline (US Federal)i
March 17, 2022(overdue)
Required action (CISA)i

Apply updates per vendor instructions.

CISA descriptioni

A vulnerability in the Bidirectional Forwarding Detection (BFD) offload implementation of Cisco Catalyst 4500 Series Switches and Cisco Catalyst 4500-X Series Switches could allow an unauthenticated, remote attacker to cause a crash of the iosd process, causing a denial-of-service (DoS) condition.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
CISA DEADLINE: 17 marca 2022
Tags
DoS
CWE
References

Related vulnerabilities

CVE-2023-20198CRITICAL10.0⚠ KEVten sam produkt

Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in...

CVE-2018-0151CRITICAL9.8⚠ KEVten sam produkt

A vulnerability in the quality of service (QoS) subsystem of Cisco IOS Software and Cisco IOS XE Software coul...

CVE-2018-0171CRITICAL9.8⚠ KEVten sam produkt

A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an un...

CVE-2017-12240CRITICAL9.8⚠ KEVten sam produkt

The DHCP relay subsystem of Cisco IOS 12.2 through 15.6 and Cisco IOS XE Software contains a vulnerability tha...

CVE-2017-3881CRITICAL9.8⚠ KEVten sam produkt

A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE S...