CVE-2018-0155
Published: 28 March 2018
Summary
CVE-2018-0155 is a high-severity Improper Handling of Exceptional Conditions (CWE-755) vulnerability in Cisco IOS. Its CVSS base score is 8.6 (High).
Operationally, it ranks in the top 5.4% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-10 (Information Input Validation).
Deeper analysis
A vulnerability exists in the Bidirectional Forwarding Detection (BFD) offload implementation of Cisco Catalyst 4500 Series Switches and Cisco Catalyst 4500-X Series Switches. The flaw stems from insufficient error handling when processing BFD packets that contain an incomplete BFD header, which can cause the iosd process to crash. Affected hardware includes the Catalyst 4500 Supervisor Engine 6-E (K5), 6L-E (K10), 7-E (K10), 7L-E (K10), 8-E (K10), 8L-E (K10), 9-E (K10), Catalyst 4500-X Series Switches (K10), Catalyst 4900M Switch (K5), and Catalyst 4948E Ethernet Switch (K5), as tracked under Cisco Bug ID CSCvc40729.
An unauthenticated remote attacker can exploit the issue by sending a crafted BFD message to or across an affected switch. Successful exploitation results in a denial-of-service condition through a system reload. The vulnerability carries a CVSS 3.1 base score of 8.6, reflecting network attack vector, low attack complexity, and no required privileges or user interaction, with high impact on availability and scope change.
The Cisco Security Advisory cisco-sa-20180328-bfd, along with related notices from SecurityFocus, SecurityTracker, and ICS-CERT, provides official details on the issue and recommended mitigation steps. No information on observed in-the-wild exploitation is included in the available references.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2018-0978
Vulnerability details
A vulnerability in the Bidirectional Forwarding Detection (BFD) offload implementation of Cisco Catalyst 4500 Series Switches and Cisco Catalyst 4500-X Series Switches could allow an unauthenticated, remote attacker to cause a crash of the iosd process, causing a denial of service (DoS) condition. The vulnerability is due to insufficient error handling when the BFD header in a BFD packet is incomplete. An attacker could exploit this vulnerability by sending a crafted BFD message to or across an affected switch. A successful exploit could allow the attacker to trigger a reload of the system. This vulnerability affects Catalyst 4500 Supervisor Engine 6-E (K5), Catalyst 4500 Supervisor Engine 6L-E (K10), Catalyst 4500 Supervisor Engine 7-E (K10), Catalyst 4500 Supervisor Engine 7L-E (K10), Catalyst 4500E Supervisor Engine 8-E (K10), Catalyst 4500E Supervisor Engine 8L-E (K10), Catalyst 4500E Supervisor Engine 9-E (K10), Catalyst 4500-X Series Switches (K10), Catalyst 4900M Switch (K5), Catalyst 4948E Ethernet Switch (K5). Cisco Bug IDs: CSCvc40729.
- CWE(s)
- KEV Date Added: 03 March 2022
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Directly addresses the root cause of insufficient validation and error handling for incomplete/malformed BFD packet headers.
Provides explicit denial-of-service protections that would block or limit crafted BFD packets from triggering iosd crashes and reloads.
Requires timely application of the vendor patch (CSCvc40729) that corrects the BFD offload flaw in the listed Catalyst supervisor engines.
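An added illustration of the input validation control described above (not Cisco's code or fix): the reception checks that RFC 5880 section 6.8.6 requires for a BFD control packet, applied before any header field is trusted. The function name, result codes and sample bytes are assumptions constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical result codes; names are illustrative, not from any vendor code. */
enum bfd_check { BFD_OK, BFD_ERR_TRUNCATED, BFD_ERR_VERSION, BFD_ERR_LENGTH, BFD_ERR_FIELD };

#define BFD_MIN_LEN      24u  /* mandatory section of a BFD control packet */
#define BFD_MIN_LEN_AUTH 26u  /* minimum Length when the A (auth) bit is set */

static uint32_t rd32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Validate a received BFD control packet of len bytes before any field is used. */
enum bfd_check bfd_validate(const uint8_t *buf, size_t len)
{
    /* Never read header fields from a buffer shorter than the fixed header. */
    if (buf == NULL || len < BFD_MIN_LEN)
        return BFD_ERR_TRUNCATED;

    uint8_t version = buf[0] >> 5;       /* top 3 bits of byte 0 */
    uint8_t flags = buf[1];              /* Sta(2) P F C A D M */
    uint8_t detect_mult = buf[2];
    uint8_t length = buf[3];             /* sender's claimed packet length */

    if (version != 1)
        return BFD_ERR_VERSION;
    /* Length must cover the header and must not exceed what was received. */
    unsigned min_len = (flags & 0x04) ? BFD_MIN_LEN_AUTH : BFD_MIN_LEN;
    if (length < min_len || length > len)
        return BFD_ERR_LENGTH;
    /* Detect Mult != 0, M bit clear, My Discriminator != 0. */
    if (detect_mult == 0 || (flags & 0x01) || rd32(buf + 4) == 0)
        return BFD_ERR_FIELD;
    return BFD_OK;
}

/* Constructed sample: version 1, state Up, Detect Mult 3, Length 24, My Discriminator 1. */
const uint8_t bfd_sample_ok[24] = { 0x20, 0xC0, 0x03, 0x18, 0x00, 0x00, 0x00, 0x01 };

int main(void)
{
    printf("full header: %d\n", bfd_validate(bfd_sample_ok, sizeof bfd_sample_ok));
    printf("short buffer: %d\n", bfd_validate(bfd_sample_ok, 10));
    return 0;
}
```

Every rejection path returns a code rather than reading further, so a malformed packet is dropped and counted instead of reaching field-processing logic.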