Description
A vulnerability in the TCP socket code of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a state condition between the socket state and the transmission control block (TCB) state. While this vulnerability potentially affects all TCP applications, the only affected application observed so far is the HTTP server. An attacker could exploit this vulnerability by sending specific HTTP requests at a sustained rate to a reachable IP address of the affected software. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition on an affected device.
Published: 2019-01-10
Score: 6.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2018-1105 A vulnerability in the TCP socket code of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a state condition between the socket state and the transmission control block (TCB) state. While this vulnerability potentially affects all TCP applications, the only affected application observed so far is the HTTP server. An attacker could exploit this vulnerability by sending specific HTTP requests at a sustained rate to a reachable IP address of the affected software. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition on an affected device.
History

Thu, 21 Nov 2024 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Subscriptions

Cisco Catalyst 2960-plus 24lc-l Catalyst 2960-plus 24lc-s Catalyst 2960-plus 24pc-l Catalyst 2960-plus 24pc-s Catalyst 2960-plus 24tc-l Catalyst 2960-plus 24tc-s Catalyst 2960-plus 48pst-l Catalyst 2960-plus 48pst-s Catalyst 2960-plus 48tc-l Catalyst 2960-plus 48tc-s Catalyst 2960c-12pc-l Catalyst 2960c-8pc-l Catalyst 2960c-8tc-l Catalyst 2960c-8tc-s Catalyst 2960cg-8tc-l Catalyst 2960cpd-8pt-l Catalyst 2960cpd-8tt-l Catalyst 2960s-24pd-l Catalyst 2960s-24ps-l Catalyst 2960s-24td-l Catalyst 2960s-24ts-l Catalyst 2960s-48fpd-l Catalyst 2960s-48fps-l Catalyst 2960s-48lpd-l Catalyst 2960s-48lps-l Catalyst 2960s-48td-l Catalyst 2960s-48ts-l Catalyst 2960s-48ts-s Catalyst 2960s-f24ps-l Catalyst 2960s-f24ts-l Catalyst 2960s-f24ts-s Catalyst 2960s-f48fps-l Catalyst 2960s-f48lps-l Catalyst 2960s-f48ts-l Catalyst 2960s-f48ts-s Catalyst 2960x-24pd-l Catalyst 2960x-24ps-l Catalyst 2960x-24psq-l Catalyst 2960x-24td-l Catalyst 2960x-24ts-l Catalyst 2960x-24ts-ll Catalyst 2960x-48fpd-l Catalyst 2960x-48fps-l Catalyst 2960x-48lpd-l Catalyst 2960x-48lps-l Catalyst 2960x-48td-l Catalyst 2960x-48ts-l Catalyst 2960x-48ts-ll Catalyst 2960xr-24pd-i Catalyst 2960xr-24ps-i Catalyst 2960xr-24td-i Catalyst 2960xr-24ts-i Catalyst 2960xr-48fpd-i Catalyst 2960xr-48fps-i Catalyst 2960xr-48lpd-i Catalyst 2960xr-48lps-i Catalyst 2960xr-48td-i Catalyst 2960xr-48ts-i Catalyst 3560c-12pc-s Catalyst 3560c-8pc-s Catalyst 3560cg-8pc-s Catalyst 3560cg-8tc-s Catalyst 3560cpd-8pt-s Catalyst 3560x-24p-e Catalyst 3560x-24p-l Catalyst 3560x-24p-s Catalyst 3560x-24t-e Catalyst 3560x-24t-l Catalyst 3560x-24t-s Catalyst 3560x-24u-e Catalyst 3560x-24u-l Catalyst 3560x-24u-s Catalyst 3560x-48p-e Catalyst 3560x-48p-l Catalyst 3560x-48p-s Catalyst 3560x-48pf-e Catalyst 3560x-48pf-l Catalyst 3560x-48pf-s Catalyst 3560x-48t-e Catalyst 3560x-48t-l Catalyst 3560x-48t-s Catalyst 3560x-48u-e Catalyst 3560x-48u-l Catalyst 3560x-48u-s Catalyst 3750x-12s-e Catalyst 3750x-12s-s Catalyst 3750x-24p-e Catalyst 3750x-24p-l Catalyst 3750x-24p-s Catalyst 3750x-24s-e Catalyst 3750x-24s-s Catalyst 3750x-24t-e Catalyst 3750x-24t-l Catalyst 3750x-24t-s Catalyst 3750x-24u-e Catalyst 3750x-24u-l Catalyst 3750x-24u-s Catalyst 3750x-48p-e Catalyst 3750x-48p-l Catalyst 3750x-48p-s Catalyst 3750x-48pf-e Catalyst 3750x-48pf-l Catalyst 3750x-48pf-s Catalyst 3750x-48t-e Catalyst 3750x-48t-l Catalyst 3750x-48t-s Catalyst 3750x-48u-e Catalyst 3750x-48u-l Catalyst 3750x-48u-s Catalyst 4500 Supervisor Engine 6-e Catalyst 4500 Supervisor Engine 6l-e Catalyst 4900m Catalyst 4948e Catalyst 4948e-f Embedded Service 2020 24tc Con Embedded Service 2020 24tc Con B Embedded Service 2020 24tc Ncp Embedded Service 2020 24tc Ncp B Embedded Service 2020 Con Embedded Service 2020 Con B Embedded Service 2020 Ncp Embedded Service 2020 Ncp B Ie-3010-16s-8pc Ie-3010-24tc Ie 2000-16ptc-g Ie 2000-16t67 Ie 2000-16t67p Ie 2000-16tc Ie 2000-16tc-g Ie 2000-16tc-g-e Ie 2000-16tc-g-n Ie 2000-16tc-g-x Ie 2000-24t67 Ie 2000-4s-ts-g Ie 2000-4t Ie 2000-4t-g Ie 2000-4ts Ie 2000-4ts-g Ie 2000-8t67 Ie 2000-8t67p Ie 2000-8tc Ie 2000-8tc-g Ie 2000-8tc-g-e Ie 2000-8tc-g-n Ie 3000-4tc Ie 3000-8tc Ios Ios Xe Sm-x Layer 2\/3 Etherswitch Service Module
cve-icon MITRE

Status: PUBLISHED

Assigner: cisco

Published:

Updated: 2024-11-21T19:49:52.226Z

Reserved: 2017-11-27T00:00:00.000Z

Link: CVE-2018-0282

cve-icon Vulnrichment

Updated: 2024-08-05T03:21:14.918Z

cve-icon NVD

Status : Modified

Published: 2019-01-10T00:29:00.297

Modified: 2024-11-21T03:37:53.353

Link: CVE-2018-0282

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses