CVE-2018-0173
Published: 28 March 2018
Summary
CVE-2018-0173 is a high-severity Improper Input Validation (CWE-20) vulnerability in Cisco IOS. Its CVSS base score is 8.6 (High).
Operationally, it ranks in the top 9.6% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
A vulnerability exists in the Cisco IOS Software and Cisco IOS XE Software function responsible for restoring encapsulated option 82 information in DHCPv4 packets. The issue stems from incomplete input validation of this encapsulated data received in DHCPOFFER messages from DHCPv4 servers, as tracked under Cisco Bug ID CSCvg62754 and CWE-20. Affected components are the DHCP relay agent implementations within these Cisco operating systems.
An unauthenticated remote attacker can exploit the flaw by sending a crafted DHCPv4 packet to an affected device, which forwards it to a DHCPv4 server. Upon processing the option 82 information in the server's response, the device encounters an error that triggers a reload, producing a Relay Reply denial-of-service condition. The vulnerability carries a CVSS 3.1 score of 8.6, reflecting network attack vector, low complexity, and high availability impact without requiring privileges or user interaction.
Public advisories from Cisco, ICS-CERT, and related trackers direct administrators to the Cisco Security Advisory for mitigation steps, including software updates that address the input validation error. No information on observed in-the-wild exploitation is provided in the source references.
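The following is an added example, not Cisco's code and not taken from the advisory: a bounds-checked walk of the DHCPv4 options field and of the option 82 sub-options (TLV layout per RFC 2132 and RFC 3046), the kind of input validation a relay path needs before it acts on relay agent information. The function names are hypothetical, both sample byte strings are constructed, and the malformed sample is a generic length overrun, not the specific trigger for CSCvg62754, which this page does not describe.

```python
MAGIC_COOKIE = b"\x63\x82\x53\x63"  # start of the DHCPv4 options field (RFC 2131)
OPT_PAD, OPT_END, OPT_RELAY_AGENT_INFO = 0, 255, 82


class MalformedDHCP(ValueError):
    """A length field points outside the buffer that encloses it."""


def walk_tlvs(buf, what, pad_end=False):
    """Yield (code, value) pairs; reject any TLV that overruns buf."""
    i = 0
    while i < len(buf):
        code = buf[i]
        if pad_end and code == OPT_PAD:   # single-byte option, no length
            i += 1
            continue
        if pad_end and code == OPT_END:   # nothing after End is parsed
            return
        if i + 2 > len(buf):
            raise MalformedDHCP(f"{what} {code}: missing length byte")
        length = buf[i + 1]
        if i + 2 + length > len(buf):
            raise MalformedDHCP(f"{what} {code}: length {length} overruns buffer")
        yield code, buf[i + 2 : i + 2 + length]
        i += 2 + length


def relay_agent_suboptions(options_field):
    """Return {sub-option code: value} from option 82, or {} if it is absent."""
    if options_field[:4] != MAGIC_COOKIE:
        raise MalformedDHCP("missing magic cookie")
    result = {}
    for code, value in walk_tlvs(options_field[4:], "option", pad_end=True):
        if code == OPT_RELAY_AGENT_INFO:
            if not value:  # policy choice in this example: empty option 82 is rejected
                raise MalformedDHCP("option 82 is empty")
            for sub, subval in walk_tlvs(value, "sub-option"):
                result[sub] = subval
    return result


# Constructed samples: message type 2 (DHCPOFFER) followed by option 82.
# GOOD carries sub-option 1 (Circuit ID) and sub-option 2 (Remote ID).
GOOD = MAGIC_COOKIE + bytes([53, 1, 2, 82, 11, 1, 4]) + b"Gi01" + bytes([2, 3]) + b"r-1" + bytes([255])
# BAD: sub-option 1 claims 9 bytes but only 2 remain inside option 82.
BAD = MAGIC_COOKIE + bytes([53, 1, 2, 82, 4, 1, 9]) + b"AB" + bytes([255])
```

The inner walk is bounded by the option 82 value, not by the packet, so a sub-option length can never reach past the option that encloses it.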
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2018-0996
Vulnerability details
A vulnerability in the Cisco IOS Software and Cisco IOS XE Software function that restores encapsulated option 82 information in DHCP Version 4 (DHCPv4) packets could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a Relay Reply denial of service (DoS) condition. The vulnerability exists because the affected software performs incomplete input validation of encapsulated option 82 information that it receives in DHCPOFFER messages from DHCPv4 servers. An attacker could exploit this vulnerability by sending a crafted DHCPv4 packet to an affected device, which the device would then forward to a DHCPv4 server. When the affected software processes the option 82 information that is encapsulated in the response from the server, an error could occur. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Cisco Bug IDs: CSCvg62754.
- CWE(s): CWE-20
- KEV Date Added: 03 March 2022
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls (NIST 800-53 r5)
Directly requires validation of all input (here, encapsulated DHCP option 82 data) before processing, preventing the crafted-packet trigger that causes the reload.
Mandates timely installation of vendor patches that correct the incomplete input-validation flaw (CSCvg62754) in the DHCP relay path.
Requires mechanisms to protect against or limit denial-of-service conditions that result from malformed DHCP relay traffic.