Vulnerability-Lookup

CVE-2018-0480 (GCVE-0-2018-0480)

Vulnerability from cvelistv5 – Published: 2018-10-05 14:00 – Updated: 2024-11-26 14:37

Title

Cisco IOS XE Software Errdisable Denial of Service Vulnerability

Summary

A vulnerability in the errdisable per VLAN feature of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause the device to crash, leading to a denial of service (DoS) condition. The vulnerability is due to a race condition that occurs when the VLAN and port enter an errdisabled state, resulting in an incorrect state in the software. An attacker could exploit this vulnerability by sending frames that trigger the errdisable condition. A successful exploit could allow the attacker to cause the affected device to crash, leading to a DoS condition.

Severity ?

No CVSS data available.

CWE

CWE-362

Assigner

cisco

References

URL

	Vendor	Product	Version
	Cisco	Cisco IOS XE Software	Affected: n/a

CNVD-2018-20298

Vulnerability from cnvd - Published: 2018-09-30

Title

Cisco Catalyst 3650、3850和4500E Series Switchs IOS XE Software拒绝服务漏洞

Description

Cisco Catalyst 3650、3850和4500E Series Switchs都是美国思科（Cisco）公司的不同系列的交换机产品。IOS XE Software是运行在其中的一套Cisco为其网络设备开发的操作系统。 Cisco Catalyst 3650、3850和4500E Series Switchs中的IOS XE Software中的errdisable per VLAN功能存在拒绝服务漏洞。物理位置邻近的攻击者可利用该漏洞造成拒绝服务（设备崩溃）。

Severity

中

Patch Name

Cisco Catalyst 3650、3850和4500E Series Switchs IOS XE Software拒绝服务漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-errdisable

Reference

https://www.securityfocus.com/bid/105400

Impacted products

Name
['Cisco Catalyst 3650 Series Switches', 'Cisco Catalyst 3850 Series Switches', 'Cisco Catalyst 4500E Series Switches']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "105400"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-0480",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0480"
    }
  },
  "description": "Cisco Catalyst 3650\u30013850\u548c4500E Series Switchs\u90fd\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e0d\u540c\u7cfb\u5217\u7684\u4ea4\u6362\u673a\u4ea7\u54c1\u3002IOS XE Software\u662f\u8fd0\u884c\u5728\u5176\u4e2d\u7684\u4e00\u5957Cisco\u4e3a\u5176\u7f51\u7edc\u8bbe\u5907\u5f00\u53d1\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nCisco Catalyst 3650\u30013850\u548c4500E Series Switchs\u4e2d\u7684IOS XE Software\u4e2d\u7684errdisable per VLAN\u529f\u80fd\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u3002\u7269\u7406\u4f4d\u7f6e\u90bb\u8fd1\u7684\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff08\u8bbe\u5907\u5d29\u6e83\uff09\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-errdisable",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-20298",
  "openTime": "2018-09-30",
  "patchDescription": "Cisco Catalyst 3650\u30013850\u548c4500E Series Switchs\u90fd\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e0d\u540c\u7cfb\u5217\u7684\u4ea4\u6362\u673a\u4ea7\u54c1\u3002IOS XE Software\u662f\u8fd0\u884c\u5728\u5176\u4e2d\u7684\u4e00\u5957Cisco\u4e3a\u5176\u7f51\u7edc\u8bbe\u5907\u5f00\u53d1\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nCisco Catalyst 3650\u30013850\u548c4500E Series Switchs\u4e2d\u7684IOS XE Software\u4e2d\u7684errdisable per VLAN\u529f\u80fd\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u3002\u7269\u7406\u4f4d\u7f6e\u90bb\u8fd1\u7684\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff08\u8bbe\u5907\u5d29\u6e83\uff09\u3002 \u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco Catalyst 3650\u30013850\u548c4500E Series Switchs IOS XE Software\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Cisco Catalyst 3650 Series Switches",
      "Cisco Catalyst 3850 Series Switches",
      "Cisco Catalyst 4500E Series Switches"
    ]
  },
  "referenceLink": "https://www.securityfocus.com/bid/105400",
  "serverity": "\u4e2d",
  "submitTime": "2018-09-29",
  "title": "Cisco Catalyst 3650\u30013850\u548c4500E Series Switchs IOS XE Software\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}

GSD-2018-0480

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2018-0480

Aliases

CVE-2018-0480

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-0480",
    "description": "A vulnerability in the errdisable per VLAN feature of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause the device to crash, leading to a denial of service (DoS) condition. The vulnerability is due to a race condition that occurs when the VLAN and port enter an errdisabled state, resulting in an incorrect state in the software. An attacker could exploit this vulnerability by sending frames that trigger the errdisable condition. A successful exploit could allow the attacker to cause the affected device to crash, leading to a DoS condition.",
    "id": "GSD-2018-0480"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-0480"
      ],
      "details": "A vulnerability in the errdisable per VLAN feature of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause the device to crash, leading to a denial of service (DoS) condition. The vulnerability is due to a race condition that occurs when the VLAN and port enter an errdisabled state, resulting in an incorrect state in the software. An attacker could exploit this vulnerability by sending frames that trigger the errdisable condition. A successful exploit could allow the attacker to cause the affected device to crash, leading to a DoS condition.",
      "id": "GSD-2018-0480",
      "modified": "2023-12-13T01:22:25.152941Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "DATE_PUBLIC": "2018-09-26T16:00:00-0500",
        "ID": "CVE-2018-0480",
        "STATE": "PUBLIC",
        "TITLE": "Cisco IOS XE Software Errdisable Denial of Service Vulnerability"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Cisco IOS XE Software",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Cisco"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A vulnerability in the errdisable per VLAN feature of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause the device to crash, leading to a denial of service (DoS) condition. The vulnerability is due to a race condition that occurs when the VLAN and port enter an errdisabled state, resulting in an incorrect state in the software. An attacker could exploit this vulnerability by sending frames that trigger the errdisable condition. A successful exploit could allow the attacker to cause the affected device to crash, leading to a DoS condition."
          }
        ]
      },
      "impact": {
        "cvss": {
          "baseScore": "7.4",
          "version": "3.0"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-362"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20180926 Cisco IOS XE Software Errdisable Denial of Service Vulnerability",
            "refsource": "CISCO",
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-errdisable"
          },
          {
            "name": "105400",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/105400"
          },
          {
            "name": "1041737",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1041737"
          }
        ]
      },
      "source": {
        "advisory": "cisco-sa-20180926-errdisable",
        "defect": [
          [
            "CSCvh13611"
          ]
        ],
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:cisco:ios_xe:3.6\\(5\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2018-0480"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A vulnerability in the errdisable per VLAN feature of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause the device to crash, leading to a denial of service (DoS) condition. The vulnerability is due to a race condition that occurs when the VLAN and port enter an errdisabled state, resulting in an incorrect state in the software. An attacker could exploit this vulnerability by sending frames that trigger the errdisable condition. A successful exploit could allow the attacker to cause the affected device to crash, leading to a DoS condition."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-362"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20180926 Cisco IOS XE Software Errdisable Denial of Service Vulnerability",
              "refsource": "CISCO",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-errdisable"
            },
            {
              "name": "1041737",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1041737"
            },
            {
              "name": "105400",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/105400"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 5.7,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:A/AC:M/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 5.5,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 1.6,
          "impactScore": 4.0
        }
      },
      "lastModifiedDate": "2019-10-09T23:32Z",
      "publishedDate": "2018-10-05T14:29Z"
    }
  }
}

GHSA-2Q4R-GMC8-6577

Vulnerability from github – Published: 2022-05-13 01:35 – Updated: 2022-05-13 01:35

Details

Severity ?

6.1 (Medium)


                  
                    CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-0480"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-362"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-10-05T14:29:00Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability in the errdisable per VLAN feature of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause the device to crash, leading to a denial of service (DoS) condition. The vulnerability is due to a race condition that occurs when the VLAN and port enter an errdisabled state, resulting in an incorrect state in the software. An attacker could exploit this vulnerability by sending frames that trigger the errdisable condition. A successful exploit could allow the attacker to cause the affected device to crash, leading to a DoS condition.",
  "id": "GHSA-2q4r-gmc8-6577",
  "modified": "2022-05-13T01:35:04Z",
  "published": "2022-05-13T01:35:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0480"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-errdisable"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/105400"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1041737"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2018-0480

Vulnerability from fkie_nvd - Published: 2018-10-05 14:29 - Updated: 2024-11-21 03:38

Severity ?

6.1 (Medium) - CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H

Summary

References

URL	Tags
psirt@cisco.com	http://www.securityfocus.com/bid/105400	Third Party Advisory, VDB Entry
psirt@cisco.com	http://www.securitytracker.com/id/1041737	Third Party Advisory, VDB Entry
psirt@cisco.com	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-errdisable	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/105400	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1041737	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-errdisable	Vendor Advisory

Impacted products

	Vendor	Product	Version
	cisco	ios_xe	3.6\(5\)

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:3.6\\(5\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "462E6E9F-24A7-4C18-A880-E4CD54722988",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the errdisable per VLAN feature of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause the device to crash, leading to a denial of service (DoS) condition. The vulnerability is due to a race condition that occurs when the VLAN and port enter an errdisabled state, resulting in an incorrect state in the software. An attacker could exploit this vulnerability by sending frames that trigger the errdisable condition. A successful exploit could allow the attacker to cause the affected device to crash, leading to a DoS condition."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la caracter\u00edstica errdisable per VLAN en Cisco IOS XE Software podr\u00eda permitir que un atacante adyacente sin autenticar haga que el dispositivo se cierre inesperadamente, provocando una denegaci\u00f3n de servicio (DoS). La vulnerabilidad se debe a una condici\u00f3n de carrera que ocurre cuando VLAN y el puerto entran en estado errdisabled, lo que resulta en un estado incorrecto en el software. Un atacante podr\u00eda explotar esta vulnerabilidad enviando frames que desencadenan la condici\u00f3n errdisabled. Si se explota con \u00e9xito, podr\u00eda permitir que el atacante consiga que el dispositivo afectado se cierre inesperadamente, provocando una denegaci\u00f3n de servicio (DoS)."
    }
  ],
  "id": "CVE-2018-0480",
  "lastModified": "2024-11-21T03:38:19.090",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 5.7,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:A/AC:M/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 5.5,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 4.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-10-05T14:29:05.560",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/105400"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1041737"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-errdisable"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/105400"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1041737"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-errdisable"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-362"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-362"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2018-0480

Vulnerability from fstec - Published: 26.09.2018

Title

Уязвимость функции per-VLAN errdisable операционной системы Cisco IOS XE, позволяющая нарушителю вызвать отказ в обслуживании

Description

Уязвимость функции per-VLAN errdisable операционной системы Cisco IOS XE вызвана одновременным выполнением с использованием общего ресурса с неправильной синхронизацией («Ситуация гонки»). Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, вызвать перезагрузку устройства и отказ в обслуживании

Severity ?


                    
                      AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Vendor

Cisco Systems Inc.

Software Name

Cisco IOS XE

Software Version

3.6.5bE (Cisco IOS XE), 3.2.0JA (Cisco IOS XE), 3.7.0e (Cisco IOS XE), 3.7.1e (Cisco IOS XE), 3.7.2e (Cisco IOS XE), 3.7.4e (Cisco IOS XE), 3.7.5e (Cisco IOS XE), 3.7.3e (Cisco IOS XE), 3.2.0SE (Cisco IOS XE), 3.2.1SE (Cisco IOS XE), 3.2.2SE (Cisco IOS XE), 3.2.3SE (Cisco IOS XE), 3.3.0SE (Cisco IOS XE), 3.3.1SE (Cisco IOS XE), 3.3.2SE (Cisco IOS XE), 3.3.3SE (Cisco IOS XE), 3.3.4SE (Cisco IOS XE), 3.3.5SE (Cisco IOS XE), 3.3.0XO (Cisco IOS XE), 3.3.1XO (Cisco IOS XE), 3.3.2XO (Cisco IOS XE), 3.4.0SG (Cisco IOS XE), 3.4.2SG (Cisco IOS XE), 3.4.1SG (Cisco IOS XE), 3.4.3SG (Cisco IOS XE), 3.4.4SG (Cisco IOS XE), 3.4.5SG (Cisco IOS XE), 3.4.6SG (Cisco IOS XE), 3.4.7SG (Cisco IOS XE), 3.4.8SG (Cisco IOS XE), 3.5.0E (Cisco IOS XE), 3.5.1E (Cisco IOS XE), 3.5.2E (Cisco IOS XE), 3.5.3E (Cisco IOS XE), 3.6.0E (Cisco IOS XE), 3.6.1E (Cisco IOS XE), 3.6.0aE (Cisco IOS XE), 3.6.0bE (Cisco IOS XE), 3.6.2aE (Cisco IOS XE), 3.6.2E (Cisco IOS XE), 3.6.3E (Cisco IOS XE), 3.6.4E (Cisco IOS XE), 3.6.5E (Cisco IOS XE), 3.6.6E (Cisco IOS XE), 3.6.5aE (Cisco IOS XE), 3.6.7E (Cisco IOS XE), 3.6.7aE (Cisco IOS XE), 3.6.7bE (Cisco IOS XE), 3.8.0E (Cisco IOS XE), 3.8.1E (Cisco IOS XE), 3.8.2E (Cisco IOS XE), 3.8.3E (Cisco IOS XE), 3.8.4E (Cisco IOS XE), 3.8.5E (Cisco IOS XE), 3.8.5aE (Cisco IOS XE), 3.9.0E (Cisco IOS XE), 3.9.1E (Cisco IOS XE), 3.9.2E (Cisco IOS XE), 3.9.2bE (Cisco IOS XE), 3.10.0E (Cisco IOS XE), 3.2.1SG (Cisco IOS XE), 3.2.2SG (Cisco IOS XE), 3.2.3SG (Cisco IOS XE), 3.2.4SG (Cisco IOS XE), 3.2.5SG (Cisco IOS XE), 3.2.6SG (Cisco IOS XE), 3.2.7SG (Cisco IOS XE), 3.2.8SG (Cisco IOS XE), 3.2.9SG (Cisco IOS XE), 3.2.10SG (Cisco IOS XE), 3.2.11SG (Cisco IOS XE), 3.2.0XO (Cisco IOS XE), 3.3.0SG (Cisco IOS XE), 3.3.2SG (Cisco IOS XE), 3.3.1SG (Cisco IOS XE), 3.3.0SQ (Cisco IOS XE), 3.3.1SQ (Cisco IOS XE), 3.4.0SQ (Cisco IOS XE), 3.4.1SQ (Cisco IOS XE), 3.5.0SQ (Cisco IOS XE), 3.5.1SQ (Cisco IOS XE), 3.5.2SQ (Cisco IOS XE), 3.5.3SQ (Cisco IOS XE), 3.5.4SQ (Cisco IOS XE), 3.5.5SQ (Cisco IOS XE), 3.5.6SQ (Cisco IOS XE), 3.5.7SQ (Cisco IOS XE)

Possible Mitigations

Обновление программного обеспечения до более поздней версии

Reference

https://www.securityfocus.com/bid/105400/info https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-errdisable

CWE

CWE-362

JSON

To clipboard

{
  "CVSS 2.0": "AV:A/AC:M/Au:N/C:N/I:N/A:C",
  "CVSS 3.0": "AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Cisco Systems Inc.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "3.6.5bE (Cisco IOS XE), 3.2.0JA (Cisco IOS XE), 3.7.0e (Cisco IOS XE), 3.7.1e (Cisco IOS XE), 3.7.2e (Cisco IOS XE), 3.7.4e (Cisco IOS XE), 3.7.5e (Cisco IOS XE), 3.7.3e (Cisco IOS XE), 3.2.0SE (Cisco IOS XE), 3.2.1SE (Cisco IOS XE), 3.2.2SE (Cisco IOS XE), 3.2.3SE (Cisco IOS XE), 3.3.0SE (Cisco IOS XE), 3.3.1SE (Cisco IOS XE), 3.3.2SE (Cisco IOS XE), 3.3.3SE (Cisco IOS XE), 3.3.4SE (Cisco IOS XE), 3.3.5SE (Cisco IOS XE), 3.3.0XO (Cisco IOS XE), 3.3.1XO (Cisco IOS XE), 3.3.2XO (Cisco IOS XE), 3.4.0SG (Cisco IOS XE), 3.4.2SG (Cisco IOS XE), 3.4.1SG (Cisco IOS XE), 3.4.3SG (Cisco IOS XE), 3.4.4SG (Cisco IOS XE), 3.4.5SG (Cisco IOS XE), 3.4.6SG (Cisco IOS XE), 3.4.7SG (Cisco IOS XE), 3.4.8SG (Cisco IOS XE), 3.5.0E (Cisco IOS XE), 3.5.1E (Cisco IOS XE), 3.5.2E (Cisco IOS XE), 3.5.3E (Cisco IOS XE), 3.6.0E (Cisco IOS XE), 3.6.1E (Cisco IOS XE), 3.6.0aE (Cisco IOS XE), 3.6.0bE (Cisco IOS XE), 3.6.2aE (Cisco IOS XE), 3.6.2E (Cisco IOS XE), 3.6.3E (Cisco IOS XE), 3.6.4E (Cisco IOS XE), 3.6.5E (Cisco IOS XE), 3.6.6E (Cisco IOS XE), 3.6.5aE (Cisco IOS XE), 3.6.7E (Cisco IOS XE), 3.6.7aE (Cisco IOS XE), 3.6.7bE (Cisco IOS XE), 3.8.0E (Cisco IOS XE), 3.8.1E (Cisco IOS XE), 3.8.2E (Cisco IOS XE), 3.8.3E (Cisco IOS XE), 3.8.4E (Cisco IOS XE), 3.8.5E (Cisco IOS XE), 3.8.5aE (Cisco IOS XE), 3.9.0E (Cisco IOS XE), 3.9.1E (Cisco IOS XE), 3.9.2E (Cisco IOS XE), 3.9.2bE (Cisco IOS XE), 3.10.0E (Cisco IOS XE), 3.2.1SG (Cisco IOS XE), 3.2.2SG (Cisco IOS XE), 3.2.3SG (Cisco IOS XE), 3.2.4SG (Cisco IOS XE), 3.2.5SG (Cisco IOS XE), 3.2.6SG (Cisco IOS XE), 3.2.7SG (Cisco IOS XE), 3.2.8SG (Cisco IOS XE), 3.2.9SG (Cisco IOS XE), 3.2.10SG (Cisco IOS XE), 3.2.11SG (Cisco IOS XE), 3.2.0XO (Cisco IOS XE), 3.3.0SG (Cisco IOS XE), 3.3.2SG (Cisco IOS XE), 3.3.1SG (Cisco IOS XE), 3.3.0SQ (Cisco IOS XE), 3.3.1SQ (Cisco IOS XE), 3.4.0SQ (Cisco IOS XE), 3.4.1SQ (Cisco IOS XE), 3.5.0SQ (Cisco IOS XE), 3.5.1SQ (Cisco IOS XE), 3.5.2SQ (Cisco IOS XE), 3.5.3SQ (Cisco IOS XE), 3.5.4SQ (Cisco IOS XE), 3.5.5SQ (Cisco IOS XE), 3.5.6SQ (Cisco IOS XE), 3.5.7SQ (Cisco IOS XE)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043e \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "26.09.2018",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "23.03.2021",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "15.01.2019",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2019-00055",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2018-0480",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Cisco IOS XE",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Cisco Systems Inc. Cisco IOS XE 3.6.5bE , Cisco Systems Inc. Cisco IOS XE 3.2.0JA , Cisco Systems Inc. Cisco IOS XE 3.7.0e , Cisco Systems Inc. Cisco IOS XE 3.7.1e , Cisco Systems Inc. Cisco IOS XE 3.7.2e , Cisco Systems Inc. Cisco IOS XE 3.7.4e , Cisco Systems Inc. Cisco IOS XE 3.7.5e , Cisco Systems Inc. Cisco IOS XE 3.7.3e , Cisco Systems Inc. Cisco IOS XE 3.2.0SE , Cisco Systems Inc. Cisco IOS XE 3.2.1SE , Cisco Systems Inc. Cisco IOS XE 3.2.2SE , Cisco Systems Inc. Cisco IOS XE 3.2.3SE , Cisco Systems Inc. Cisco IOS XE 3.3.0SE , Cisco Systems Inc. Cisco IOS XE 3.3.1SE , Cisco Systems Inc. Cisco IOS XE 3.3.2SE , Cisco Systems Inc. Cisco IOS XE 3.3.3SE , Cisco Systems Inc. Cisco IOS XE 3.3.4SE , Cisco Systems Inc. Cisco IOS XE 3.3.5SE , Cisco Systems Inc. Cisco IOS XE 3.3.0XO , Cisco Systems Inc. Cisco IOS XE 3.3.1XO , Cisco Systems Inc. Cisco IOS XE 3.3.2XO , Cisco Systems Inc. Cisco IOS XE 3.4.0SG , Cisco Systems Inc. Cisco IOS XE 3.4.2SG , Cisco Systems Inc. Cisco IOS XE 3.4.1SG , Cisco Systems Inc. Cisco IOS XE 3.4.3SG , Cisco Systems Inc. Cisco IOS XE 3.4.4SG , Cisco Systems Inc. Cisco IOS XE 3.4.5SG , Cisco Systems Inc. Cisco IOS XE 3.4.6SG , Cisco Systems Inc. Cisco IOS XE 3.4.7SG , Cisco Systems Inc. Cisco IOS XE 3.4.8SG , Cisco Systems Inc. Cisco IOS XE 3.5.0E , Cisco Systems Inc. Cisco IOS XE 3.5.1E , Cisco Systems Inc. Cisco IOS XE 3.5.2E , Cisco Systems Inc. Cisco IOS XE 3.5.3E , Cisco Systems Inc. Cisco IOS XE 3.6.0E , Cisco Systems Inc. Cisco IOS XE 3.6.1E , Cisco Systems Inc. Cisco IOS XE 3.6.0aE , Cisco Systems Inc. Cisco IOS XE 3.6.0bE , Cisco Systems Inc. Cisco IOS XE 3.6.2aE , Cisco Systems Inc. Cisco IOS XE 3.6.2E , Cisco Systems Inc. Cisco IOS XE 3.6.3E , Cisco Systems Inc. Cisco IOS XE 3.6.4E , Cisco Systems Inc. Cisco IOS XE 3.6.5E , Cisco Systems Inc. Cisco IOS XE 3.6.6E , Cisco Systems Inc. Cisco IOS XE 3.6.5aE , Cisco Systems Inc. Cisco IOS XE 3.6.7E , Cisco Systems Inc. Cisco IOS XE 3.6.7aE , Cisco Systems Inc. Cisco IOS XE 3.6.7bE , Cisco Systems Inc. Cisco IOS XE 3.8.0E , Cisco Systems Inc. Cisco IOS XE 3.8.1E , Cisco Systems Inc. Cisco IOS XE 3.8.2E , Cisco Systems Inc. Cisco IOS XE 3.8.3E , Cisco Systems Inc. Cisco IOS XE 3.8.4E , Cisco Systems Inc. Cisco IOS XE 3.8.5E , Cisco Systems Inc. Cisco IOS XE 3.8.5aE , Cisco Systems Inc. Cisco IOS XE 3.9.0E , Cisco Systems Inc. Cisco IOS XE 3.9.1E , Cisco Systems Inc. Cisco IOS XE 3.9.2E , Cisco Systems Inc. Cisco IOS XE 3.9.2bE , Cisco Systems Inc. Cisco IOS XE 3.10.0E , Cisco Systems Inc. Cisco IOS XE 3.2.1SG , Cisco Systems Inc. Cisco IOS XE 3.2.2SG , Cisco Systems Inc. Cisco IOS XE 3.2.3SG , Cisco Systems Inc. Cisco IOS XE 3.2.4SG , Cisco Systems Inc. Cisco IOS XE 3.2.5SG , Cisco Systems Inc. Cisco IOS XE 3.2.6SG , Cisco Systems Inc. Cisco IOS XE 3.2.7SG , Cisco Systems Inc. Cisco IOS XE 3.2.8SG , Cisco Systems Inc. Cisco IOS XE 3.2.9SG , Cisco Systems Inc. Cisco IOS XE 3.2.10SG , Cisco Systems Inc. Cisco IOS XE 3.2.11SG , Cisco Systems Inc. Cisco IOS XE 3.2.0XO , Cisco Systems Inc. Cisco IOS XE 3.3.0SG , Cisco Systems Inc. Cisco IOS XE 3.3.2SG , Cisco Systems Inc. Cisco IOS XE 3.3.1SG , Cisco Systems Inc. Cisco IOS XE 3.3.0SQ , Cisco Systems Inc. Cisco IOS XE 3.3.1SQ , Cisco Systems Inc. Cisco IOS XE 3.4.0SQ , Cisco Systems Inc. Cisco IOS XE 3.4.1SQ , Cisco Systems Inc. Cisco IOS XE 3.5.0SQ , Cisco Systems Inc. Cisco IOS XE 3.5.1SQ , Cisco Systems Inc. Cisco IOS XE 3.5.2SQ , Cisco Systems Inc. Cisco IOS XE 3.5.3SQ , Cisco Systems Inc. Cisco IOS XE 3.5.4SQ , Cisco Systems Inc. Cisco IOS XE 3.5.5SQ , Cisco Systems Inc. Cisco IOS XE 3.5.6SQ , Cisco Systems Inc. Cisco IOS XE 3.5.7SQ ",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 per-VLAN errdisable \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Cisco IOS XE, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041e\u0434\u043d\u043e\u0432\u0440\u0435\u043c\u0435\u043d\u043d\u043e\u0435 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u043e\u0431\u0449\u0435\u0433\u043e \u0440\u0435\u0441\u0443\u0440\u0441\u0430 \u0441 \u043d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e\u0439 \u0441\u0438\u043d\u0445\u0440\u043e\u043d\u0438\u0437\u0430\u0446\u0438\u0435\u0439 (\u00ab\u0421\u0438\u0442\u0443\u0430\u0446\u0438\u044f \u0433\u043e\u043d\u043a\u0438\u00bb) (CWE-362)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 per-VLAN errdisable \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Cisco IOS XE \u0432\u044b\u0437\u0432\u0430\u043d\u0430 \u043e\u0434\u043d\u043e\u0432\u0440\u0435\u043c\u0435\u043d\u043d\u044b\u043c \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u043e\u0431\u0449\u0435\u0433\u043e \u0440\u0435\u0441\u0443\u0440\u0441\u0430 \u0441 \u043d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e\u0439 \u0441\u0438\u043d\u0445\u0440\u043e\u043d\u0438\u0437\u0430\u0446\u0438\u0435\u0439 (\u00ab\u0421\u0438\u0442\u0443\u0430\u0446\u0438\u044f \u0433\u043e\u043d\u043a\u0438\u00bb). \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043f\u0435\u0440\u0435\u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0443 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 \u0438 \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": "-",
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0440\u043e\u043a\u0430\u043c\u0438 \u0438 \u0441\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435\u043c",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://www.securityfocus.com/bid/105400/info\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-errdisable",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u041e \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-362",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5,7)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,4)"
}

CERTFR-2018-AVI-458

Vulnerability from certfr_avis - Published: 2018-09-27 - Updated: 2018-09-27

De multiples vulnérabilités ont été découvertes dans les produits Cisco. Elles permettent à un attaquant de provoquer une exécution de code arbitraire et un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Cisco	IOS XE	Logiciel Cisco IOS XE vulnérable configuré avec la fonctionnalité NAT
Cisco	IOS	Commutateur Industrial Ethernet 2000 Series exécutant une version vulnérable de Cisco IOS et configuré pour gérer les paquets PTP
Cisco	IOS	Commutateur Industrial Ethernet 4000 Series exécutant une version vulnérable de Cisco IOS et configuré pour gérer les paquets PTP
Cisco	IOS XE	Commutateurs Cisco Catalyst 3650 et 3850 exécutant une version logiciel Cisco IOS XE vulnérable avec le serveur HTTP activé
Cisco	IOS	Commutateur Industrial Ethernet 5000 Series exécutant une version vulnérable de Cisco IOS et configuré pour gérer les paquets PTP
Cisco	IOS	Commutateur Industrial Ethernet 3010 Series exécutant une version vulnérable de Cisco IOS et configuré pour gérer les paquets PTP
Cisco	IOS XE	Commutateur Cisco Catalyst 3650, 3850 et 4500E exécutant une version vulnérable du logiciel Cisco IOS XE avec la fonctionnalité errdisable activé
Cisco	IOS XE	Routeurs Cisco ISR G2 ou Cisco ISR4451-X avec un module SM-X-1T3/E3 installé et exécutant une version vulnérable des logiciels Cisco IOS ou IOS XE
Cisco	IOS	Commutateur Industrial Ethernet 4010 Series exécutant une version vulnérable de Cisco IOS et configuré pour gérer les paquets PTP
Cisco	IOS	Commutateur Connected Grid Ethernet Module Interface Card exécutant une version vulnérable de Cisco IOS et configuré pour gérer les paquets PTP
Cisco	IOS XE	Logiciel Cisco IOS XE vulnérable avec le serveur HTTP activé
Cisco	IOS XE	Commutateur Cisco Catalyst exécutant une version logiciel vulnérable de Cisco IOS ou Cisco IOS XE avec la fonctionnalité cluster activé
Cisco	N/A	Logiciels Cisco IOS XE et certains équipements de la série Cisco 5500-X Adaptive Security Appliances (ASA) exécutant le logiciel Cisco ASA ou Cisco Firepower Threat Defense (FTD)
Cisco	IOS XE	Logiciels Cisco IOS et IOS XE vulnérables configurés avec une adresse IPv6
Cisco	IOS	Commutateur Industrial Ethernet 2000U Series exécutant une version vulnérable de Cisco IOS et configuré pour gérer les paquets PTP
Cisco	IOS XE	Logiciels Cisco IOS et IOS XE vulnérables configurés avec la fonctionnalité OSPFv3
Cisco	IOS	Commutateur Industrial Ethernet 3000 Series exécutant une version vulnérable de Cisco IOS et configuré pour gérer les paquets PTP
Cisco	IOS	Commutateur 2500 Series Connected Grid exécutant une version vulnérable de Cisco IOS et configuré pour gérer les paquets PTP
Cisco	IOS XE	Logiciels Cisco IOS XE en version 16.6.1 ou 16.6.2 avec la fonctionnalité CDP activé

References

Title

Publication Time

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-0480 (GCVE-0-2018-0480)

CNVD-2018-20298

GSD-2018-0480

GHSA-2Q4R-GMC8-6577

FKIE_CVE-2018-0480

CVE-2018-0480

CERTFR-2018-AVI-458

Solution

Tags

Sightings

Nomenclature