Vulnerability Description
A vulnerability in the IP Version 4 (IPv4) processing code of Cisco IOS XE Software running on Cisco Catalyst 3850 and Cisco Catalyst 3650 Series Switches could allow an unauthenticated, remote attacker to cause high CPU utilization, traceback messages, or a reload of an affected device that leads to a denial of service (DoS) condition. The vulnerability is due to incorrect processing of certain IPv4 packets. An attacker could exploit this vulnerability by sending specific IPv4 packets to an IPv4 address on an affected device. A successful exploit could allow the attacker to cause high CPU utilization, traceback messages, or a reload of the affected device that leads to a DoS condition. If the switch does not reboot when under attack, it would require manual intervention to reload the device. This vulnerability affects Cisco Catalyst 3850 and Cisco Catalyst 3650 Series Switches that are running Cisco IOS XE Software Release 16.1.1 or later, until the first fixed release, and are configured with an IPv4 address. Cisco Bug IDs: CSCvd80714.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Ios Xe | denali-16.3.1 |
| Cisco | 4321 Integrated Services Router | - |
| Cisco | 4331 Integrated Services Router | - |
| Cisco | 4351 Integrated Services Router | - |
| Cisco | 4431 Integrated Services Router | - |
| Cisco | 4451-X Integrated Services Router | - |
| Cisco | Asr 1000 Series Route Processor \(Rp2\) | - |
| Cisco | Asr 1000 Series Route Processor \(Rp3\) | - |
| Cisco | Asr 1001-Hx | - |
| Cisco | Asr 1001-X | - |
| Cisco | Asr 1002-Hx | - |
| Cisco | Asr 1002-X | - |
| Cisco | Catalyst 3650-12X48Fd-E | - |
| Cisco | Catalyst 3650-12X48Fd-L | - |
| Cisco | Catalyst 3650-12X48Fd-S | - |
| Cisco | Catalyst 3650-12X48Uq-E | - |
| Cisco | Catalyst 3650-12X48Uq-L | - |
| Cisco | Catalyst 3650-12X48Uq-S | - |
| Cisco | Catalyst 3650-12X48Ur-E | - |
| Cisco | Catalyst 3650-12X48Ur-L | - |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/103563Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1040588Third Party AdvisoryVDB Entry
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
- http://www.securityfocus.com/bid/103563Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1040588Third Party AdvisoryVDB Entry
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
FAQ
What is CVE-2018-0177?
CVE-2018-0177 is a vulnerability with a CVSS score of 7.5 (HIGH). A vulnerability in the IP Version 4 (IPv4) processing code of Cisco IOS XE Software running on Cisco Catalyst 3850 and Cisco Catalyst 3650 Series Switches could allow an unauthenticated, remote attack...
How severe is CVE-2018-0177?
CVE-2018-0177 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-0177?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Ios Xe, Cisco 4321 Integrated Services Router, Cisco 4331 Integrated Services Router, Cisco 4351 Integrated Services Router, Cisco 4431 Integrated Services Router.