CVE-2018-0151
Published: 28 March 2018
Summary
CVE-2018-0151 is a critical-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Cisco IOS XE. Its CVSS base score is 9.8 (Critical).
Operationally, it is ranked in the top 9.2% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-7 (Boundary Protection) and SI-10 (Information Input Validation).
Deeper analysis
A vulnerability exists in the quality of service (QoS) subsystem of Cisco IOS Software and Cisco IOS XE Software, tracked as Cisco Bug ID CSCvf73881. It stems from incorrect bounds checking on values in packets sent to UDP port 18999, which can trigger a buffer overflow condition (CWE-119) when the packets are processed by an affected device. The issue does not affect transit traffic. It carries a CVSS 3.1 score of 9.8.
An unauthenticated remote attacker can exploit the flaw by sending crafted packets to an exposed device. Successful exploitation may permit arbitrary code execution with elevated privileges or force a device reload, resulting in a temporary denial of service.
The referenced Cisco Security Advisory cisco-sa-20180328-qos, along with related notices from ICS-CERT and security trackers, provides mitigation guidance and patch availability for affected releases. No information on observed in-the-wild exploitation is supplied in the source data.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2018-0974
Vulnerability details
A vulnerability in the quality of service (QoS) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges. The vulnerability is due to incorrect bounds checking of certain values in packets that are destined for UDP port 18999 of an affected device. An attacker could exploit this vulnerability by sending malicious packets to an affected device. When the packets are processed, an exploitable buffer overflow condition may occur. A successful exploit could allow the attacker to execute arbitrary code on the affected device with elevated privileges. The attacker could also leverage this vulnerability to cause the device to reload, causing a temporary DoS condition while the device is reloading. The malicious packets must be destined to and processed by an affected device. Traffic transiting a device will not trigger the vulnerability. Cisco Bug IDs: CSCvf73881.
- CWE(s)
- KEV Date Added: 03 March 2022
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Directly requires validation of all input (including packet fields to UDP 18999) to enforce proper bounds checking and eliminate the buffer overflow root cause.
Enforces boundary protection and traffic filtering so that crafted packets never reach the vulnerable QoS UDP listener on the device.
Mandates timely application of vendor patches that correct the bounds-checking flaw (CSCvf73881) before exploitation occurs.
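The following is an added example, not taken from the Cisco advisory or this page's source data: a flow-log check for the condition the boundary-protection control is meant to prevent, namely permitted UDP traffic to port 18999 addressed to a device's own interface, as distinct from transit traffic, which the description says does not trigger the flaw. The log format, addresses, trusted-source range and function names are constructed assumptions (IPv4 only).

```python
import ipaddress
from collections import Counter

VULN_PORT = 18999  # UDP port named in the CVE description
# Assumption: addresses owned by the network devices themselves.
DEVICE_ADDRS = {ipaddress.ip_address(a) for a in ("192.0.2.1", "198.51.100.1")}
# Assumption: sources the boundary policy allows to reach the control plane.
TRUSTED_SOURCES = [ipaddress.ip_network("10.10.0.0/24")]

# Constructed sample records: "timestamp proto src:sport dst:dport action"
SAMPLE_FLOWS = """\
2018-04-02T10:00:01Z udp 203.0.113.7:40000 192.0.2.1:18999 permit
2018-04-02T10:00:02Z udp 203.0.113.7:40001 10.20.30.40:18999 permit
2018-04-02T10:00:03Z udp 10.10.0.5:5000 198.51.100.1:18999 permit
2018-04-02T10:00:04Z tcp 203.0.113.9:40002 192.0.2.1:18999 permit
2018-04-02T10:00:05Z udp 203.0.113.8:40003 198.51.100.1:18999 deny
malformed line
"""

def parse_flow(line):
    """Return (ts, proto, src, dst, dport, action) or None if unparsable."""
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, proto, src, dst, action = parts
    try:
        src_ip = ipaddress.ip_address(src.rsplit(":", 1)[0])
        dst_host, dport = dst.rsplit(":", 1)
        return ts, proto.lower(), src_ip, ipaddress.ip_address(dst_host), int(dport), action.lower()
    except ValueError:
        return None

def classify(flow):
    """Label one flow relative to the exposure described for this CVE."""
    _, proto, src, dst, dport, action = flow
    if proto != "udp" or dport != VULN_PORT:
        return "ignore"
    if dst not in DEVICE_ADDRS:
        return "transit"      # passes through; not processed by the device
    if action == "deny":
        return "blocked"      # the boundary filter did its job
    if any(src in net for net in TRUSTED_SOURCES):
        return "trusted"
    return "alert"            # untrusted source reached the device's listener

def summarize(text):
    flows = [parse_flow(line) for line in text.splitlines()]
    counts = Counter("unparsed" if f is None else classify(f) for f in flows)
    alerts = [(f[0], str(f[2]), str(f[3])) for f in flows if f and classify(f) == "alert"]
    return counts, alerts
```

A non-zero `alert` count means the filtering in front of the device is not covering UDP 18999 for that source, which makes patching that device the priority.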