CVE-2018-0172
Published: 28 March 2018
Summary
CVE-2018-0172 is a high-severity Improper Input Validation (CWE-20) vulnerability in Cisco IOS. Its CVSS base score is 8.6 (High).
Operationally, it ranks in the top 8.9% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
A vulnerability in the DHCP option 82 encapsulation functionality of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated remote attacker to trigger a heap overflow condition. The flaw stems from incomplete input validation of option 82 data received in DHCPv4 packets from relay agents, as tracked under Cisco Bug ID CSCvg62730 and assigned CWE-20 and CWE-787. Successful exploitation results in a device reload and denial of service.
An attacker can exploit the issue by sending a crafted DHCPv4 packet to an affected device over the network. No authentication or user interaction is required, and the attack can be launched remotely with low complexity, producing a CVSS 3.1 base score of 8.6 that reflects high availability impact across security contexts.
Cisco has published Security Advisory cisco-sa-20180328-dhcpr1 along with related ICS-CERT advisories ICSA-18-107-04 and ICSA-18-107-05 that address the issue; practitioners should consult these documents for mitigation steps and software updates.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2018-0995
Vulnerability details
A vulnerability in the DHCP option 82 encapsulation functionality of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software performs incomplete input validation of option 82 information that it receives in DHCP Version 4 (DHCPv4) packets from DHCP relay agents. An attacker could exploit this vulnerability by sending a crafted DHCPv4 packet to an affected device. A successful exploit could allow the attacker to cause a heap overflow condition on the affected device, which will cause the device to reload and result in a DoS condition. Cisco Bug IDs: CSCvg62730.
- CWE(s)
- KEV Date Added: 03 March 2022
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls (NIST 800-53 r5)
Directly enforces validation of DHCPv4 option 82 data before processing, eliminating the incomplete input validation root cause (CWE-20) that triggers the heap overflow.
Requires timely application of vendor patches that correct the DHCP option 82 handling flaw (CSCvg62730) before an attacker can send a crafted packet.
Limits the effects of the resulting denial-of-service condition by protecting availability when a heap overflow reload is triggered by the malformed DHCP packet.
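As an added illustration of the option 82 input validation described above (this is not Cisco's fix and not code from this page), the C code below walks a DHCPv4 options area and rejects any option 82 whose sub-options are truncated, overrun the enclosing option, or exceed the destination buffer. It follows the RFC 3046 sub-option layout; `MAX_SUBOPT`, the struct and function names, and the sample bytes are assumptions constructed for the example.

```c
#include <stdint.h>
#include <string.h>

#define OPT_RELAY_INFO 82   /* RFC 3046 Relay Agent Information */
#define MAX_SUBOPT 64       /* assumed local storage limit per sub-option */

struct relay_info {
    uint8_t circuit_id[MAX_SUBOPT]; size_t circuit_len;  /* sub-option 1 */
    uint8_t remote_id[MAX_SUBOPT];  size_t remote_len;   /* sub-option 2 */
};

/* Constructed samples: options area only (bytes after the magic cookie). */
static const uint8_t SAMPLE_OK[]  = {53,1,1, 82,6, 1,4,'e','t','h','0', 255};
static const uint8_t SAMPLE_BAD[] = {53,1,1, 82,4, 1,9,0xAA,0xBB, 255};

/* Validate and copy the sub-options of one option 82 value; -1 if malformed. */
static int parse_relay_info(const uint8_t *v, size_t vlen, struct relay_info *out)
{
    size_t i = 0;
    while (i < vlen) {
        if (vlen - i < 2) return -1;       /* truncated sub-option header */
        uint8_t code = v[i], len = v[i + 1];
        i += 2;
        if (len > vlen - i) return -1;     /* sub-option overruns option 82 */
        if (len > MAX_SUBOPT) return -1;   /* would not fit the destination */
        if (code == 1) { memcpy(out->circuit_id, v + i, len); out->circuit_len = len; }
        if (code == 2) { memcpy(out->remote_id, v + i, len); out->remote_len = len; }
        i += len;
    }
    return 0;
}

/* Returns 1 if a well-formed option 82 is present, 0 if absent, -1 if malformed. */
int check_dhcp_options(const uint8_t *opts, size_t n, struct relay_info *out)
{
    size_t i = 0; int found = 0;
    memset(out, 0, sizeof *out);
    while (i < n) {
        uint8_t code = opts[i++];
        if (code == 0) continue;           /* pad option has no length byte */
        if (code == 255) break;            /* end option */
        if (i >= n) return -1;             /* missing length byte */
        uint8_t len = opts[i++];
        if (len > n - i) return -1;        /* option overruns the packet */
        if (code == OPT_RELAY_INFO && parse_relay_info(opts + i, len, out) != 0) return -1;
        if (code == OPT_RELAY_INFO) found = 1;
        i += len;
    }
    return found;
}
```

Every length is checked against the bytes actually remaining before any copy, so a declared sub-option length larger than its container is rejected instead of being trusted.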