{"containers": {"cna": {"affected": [{"product": "Cisco IOS XE Software", "vendor": "Cisco", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-09-26T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "A vulnerability in the web framework of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a buffer overflow condition on an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to the affected software improperly parsing malformed HTTP packets that are destined to a device. An attacker could exploit this vulnerability by sending a malformed HTTP packet to an affected device for processing. A successful exploit could allow the attacker to cause a buffer overflow condition on the affected device, resulting in a DoS condition."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-399", "description": "CWE-399", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-04-12T19:04:01.000Z", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "20180926 Cisco IOS XE Software HTTP Denial of Service Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-webdos"}, {"name": "1041737", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1041737"}, {"name": "105397", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/105397"}, {"tags": ["x_refsource_MISC"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-094-03"}], "source": {"advisory": "cisco-sa-20180926-webdos", "defect": [["CSCvb22618"]], "discovery": "UNKNOWN"}, "title": "Cisco IOS XE Software HTTP Denial of Service Vulnerability", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2018-09-26T16:00:00-0500", "ID": "CVE-2018-0470", "STATE": "PUBLIC", "TITLE": "Cisco IOS XE Software HTTP Denial of Service Vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cisco IOS XE Software", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "Cisco"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the web framework of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a buffer overflow condition on an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to the affected software improperly parsing malformed HTTP packets that are destined to a device. An attacker could exploit this vulnerability by sending a malformed HTTP packet to an affected device for processing. A successful exploit could allow the attacker to cause a buffer overflow condition on the affected device, resulting in a DoS condition."}]}, "impact": {"cvss": {"baseScore": "8.6", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-399"}]}]}, "references": {"reference_data": [{"name": "20180926 Cisco IOS XE Software HTTP Denial of Service Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-webdos"}, {"name": "1041737", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041737"}, {"name": "105397", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105397"}, {"name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-094-03", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-094-03"}]}, "source": {"advisory": "cisco-sa-20180926-webdos", "defect": [["CSCvb22618"]], "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T03:28:10.883Z"}, "title": "CVE Program Container", "references": [{"name": "20180926 Cisco IOS XE Software HTTP Denial of Service Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-webdos"}, {"name": "1041737", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1041737"}, {"name": "105397", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/105397"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-094-03"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-11-25T18:53:17.923767Z", "id": "CVE-2018-0470", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-26T14:38:31.873Z"}}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2018-0470", "datePublished": "2018-10-05T14:00:00.000Z", "dateReserved": "2017-11-27T00:00:00.000Z", "dateUpdated": "2024-11-26T14:38:31.873Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-webdos", "name": "20180926 Cisco IOS XE Software HTTP Denial of Service Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"]}, {"url": "http://www.securitytracker.com/id/1041737", "name": "1041737", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"]}, {"url": "http://www.securityfocus.com/bid/105397", "name": "105397", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"]}, {"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-094-03", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T03:28:10.883Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2018-0470", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-11-25T18:53:17.923767Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-25T18:54:26.471Z"}}], "cna": {"title": "Cisco IOS XE Software HTTP Denial of Service Vulnerability", "source": {"defect": [["CSCvb22618"]], "advisory": "cisco-sa-20180926-webdos", "discovery": "UNKNOWN"}, "affected": [{"vendor": "Cisco", "product": "Cisco IOS XE Software", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-09-26T00:00:00.000Z", "references": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-webdos", "name": "20180926 Cisco IOS XE Software HTTP Denial of Service Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"]}, {"url": "http://www.securitytracker.com/id/1041737", "name": "1041737", "tags": ["vdb-entry", "x_refsource_SECTRACK"]}, {"url": "http://www.securityfocus.com/bid/105397", "name": "105397", "tags": ["vdb-entry", "x_refsource_BID"]}, {"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-094-03", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the web framework of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a buffer overflow condition on an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to the affected software improperly parsing malformed HTTP packets that are destined to a device. An attacker could exploit this vulnerability by sending a malformed HTTP packet to an affected device for processing. A successful exploit could allow the attacker to cause a buffer overflow condition on the affected device, resulting in a DoS condition."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-399", "description": "CWE-399"}]}], "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2019-04-12T19:04:01.000Z"}, "x_legacyV4Record": {"impact": {"cvss": {"version": "3.0", "baseScore": "8.6"}}, "source": {"defect": [["CSCvb22618"]], "advisory": "cisco-sa-20180926-webdos", "discovery": "UNKNOWN"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "n/a"}]}, "product_name": "Cisco IOS XE Software"}]}, "vendor_name": "Cisco"}]}}, "data_type": "CVE", "references": {"reference_data": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-webdos", "name": "20180926 Cisco IOS XE Software HTTP Denial of Service Vulnerability", "refsource": "CISCO"}, {"url": "http://www.securitytracker.com/id/1041737", "name": "1041737", "refsource": "SECTRACK"}, {"url": "http://www.securityfocus.com/bid/105397", "name": "105397", "refsource": "BID"}, {"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-094-03", "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-094-03", "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the web framework of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a buffer overflow condition on an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to the affected software improperly parsing malformed HTTP packets that are destined to a device. An attacker could exploit this vulnerability by sending a malformed HTTP packet to an affected device for processing. A successful exploit could allow the attacker to cause a buffer overflow condition on the affected device, resulting in a DoS condition."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-399"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2018-0470", "STATE": "PUBLIC", "TITLE": "Cisco IOS XE Software HTTP Denial of Service Vulnerability", "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2018-09-26T16:00:00-0500"}}}}, "cveMetadata": {"cveId": "CVE-2018-0470", "state": "PUBLISHED", "dateUpdated": "2024-11-26T14:38:31.873Z", "dateReserved": "2017-11-27T00:00:00.000Z", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "datePublished": "2018-10-05T14:00:00.000Z", "assignerShortName": "cisco"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ios_xe:16.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "DC820348-1E2E-4791-BF56-419749F02162", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.3\\(1\\):*:*:*:*:*:*:*", "matchCriteriaId": "D08E919C-BC85-49A4-B8FD-21B4C4A10B5D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the web framework of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a buffer overflow condition on an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to the affected software improperly parsing malformed HTTP packets that are destined to a device. An attacker could exploit this vulnerability by sending a malformed HTTP packet to an affected device for processing. A successful exploit could allow the attacker to cause a buffer overflow condition on the affected device, resulting in a DoS condition."}, {"lang": "es", "value": "Una vulnerabilidad en el framework web de Cisco IOS XE Software podr\u00eda permitir que un atacante remoto sin autenticar provoque un desbordamiento de b\u00fafer en un dispositivo afectado, lo que resulta en una denegaci\u00f3n de servicio (DoS). La vulnerabilidad se debe a que el software afectado analiza incorrectamente los paquetes HTTP mal formados que se env\u00edan al dispositivo afectado. Un atacante podr\u00eda explotar esta vulnerabilidad enviando un paquete HTTP mal formado a un dispositivo afectado para su procesamiento. Su explotaci\u00f3n con \u00e9xito podr\u00eda permitir que el atacante provoque un desbordamiento de b\u00fafer en el dispositivo afectado y provoque una denegaci\u00f3n de servicio (DoS)."}], "id": "CVE-2018-0470", "lastModified": "2024-11-21T03:38:18.050", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-10-05T14:29:04.810", "references": [{"source": "ykramarz@cisco.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/105397"}, {"source": "ykramarz@cisco.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1041737"}, {"source": "ykramarz@cisco.com", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-094-03"}, {"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-webdos"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/105397"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1041737"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-094-03"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-webdos"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "ykramarz@cisco.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}