CVE-2018-15373

{"id": "CVE-2018-15373", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.1, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 6.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 7.4, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 4.0, "exploitabilityScore": 2.8}]}, "published": "2018-10-05T14:29:06.420", "references": [{"url": "http://www.securityfocus.com/bid/105413", "tags": ["VDB Entry", "Third Party Advisory"], "source": "ykramarz@cisco.com"}, {"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-094-03", "source": "ykramarz@cisco.com"}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-cdp-dos", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-770"}]}, {"type": "Secondary", "source": "ykramarz@cisco.com", "description": [{"lang": "en", "value": "CWE-399"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the implementation of Cisco Discovery Protocol functionality in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to exhaust memory on an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper memory handling by the affected software when the software processes high rates of Cisco Discovery Protocol packets that are sent to a device. An attacker could exploit this vulnerability by sending a high rate of Cisco Discovery Protocol packets to an affected device. A successful exploit could allow the attacker to exhaust memory on the affected device, resulting in a DoS condition."}, {"lang": "es", "value": "Una vulnerabilidad en la implementaci\u00f3n de la funcionalidad Cisco Discovery Protocol en Cisco IOS Software y Cisco IOS XE Software podr\u00eda permitir que un atacante adyacente sin autenticar agote la memoria de un dispositivo afectado, provocando una denegaci\u00f3n de servicio (DoS) en consecuencia. La vulnerabilidad se debe a la gesti\u00f3n incorrecta de la memoria por parte del software afectado cuando el software procesa grandes vol\u00famenes de paquetes Cisco Discovery Protocol que se env\u00edan a un dispositivo. Un atacante podr\u00eda explotar esta vulnerabilidad enviando un gran volumen de paquetes Cisco Discovery Protocol a un dispositivo afectado. Su explotaci\u00f3n con \u00e9xito podr\u00eda permitir que el atacante agote la memoria en el dispositivo afectado y provoque una denegaci\u00f3n de servicio (DoS)."}], "lastModified": "2019-10-03T00:03:26.223", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ios:15.5\\(3\\)s3.16:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7C1737C8-CB77-4946-93E1-0EF59495D1FD"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:15.5\\(3\\)s3.16:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0FE2B344-03AB-44B5-9889-B702AFC57F53"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}