Cyber Resilience

CVE-2018-0173

HighCISA KEVActive ExploitationEUVD Exploited

Published: 28 March 2018

Published
28 March 2018
Modified
14 January 2026
KEV Added
03 March 2022
Patch
CVSS Score v3.1 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
EPSS Score 0.0542 90.4th percentile
Risk Priority 40 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2018-0173 is a high-severity Improper Input Validation (CWE-20) vulnerability in Cisco Ios. Its CVSS base score is 8.6 (High).

Operationally, ranked in the top 9.6% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

A vulnerability exists in the Cisco IOS Software and Cisco IOS XE Software function responsible for restoring encapsulated option 82 information in DHCPv4 packets. The issue stems from incomplete input validation of this encapsulated data received in DHCPOFFER messages from DHCPv4 servers, as tracked under Cisco Bug ID CSCvg62754 and CWE-20. Affected components are the DHCP relay agent implementations within these Cisco operating systems.

An unauthenticated remote attacker can exploit the flaw by sending a crafted DHCPv4 packet to an affected device, which forwards it to a DHCPv4 server. Upon processing the option 82 information in the server's response, the device encounters an error that triggers a reload, producing a Relay Reply denial-of-service condition. The vulnerability carries a CVSS 3.1 score of 8.6, reflecting network attack vector, low complexity, and high availability impact without requiring privileges or user interaction.

Public advisories from Cisco, ICS-CERT, and related trackers direct administrators to the Cisco Security Advisory for mitigation steps, including software updates that address the input validation error. No information on observed in-the-wild exploitation is provided in the source references.

EU & UK References

Vulnerability details

A vulnerability in the Cisco IOS Software and Cisco IOS XE Software function that restores encapsulated option 82 information in DHCP Version 4 (DHCPv4) packets could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in…

more

a Relay Reply denial of service (DoS) condition. The vulnerability exists because the affected software performs incomplete input validation of encapsulated option 82 information that it receives in DHCPOFFER messages from DHCPv4 servers. An attacker could exploit this vulnerability by sending a crafted DHCPv4 packet to an affected device, which the device would then forward to a DHCPv4 server. When the affected software processes the option 82 information that is encapsulated in the response from the server, an error could occur. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Cisco Bug IDs: CSCvg62754.

CWE(s)
KEV Date Added
03 March 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

cisco
ios
denali-16.3.4 · ≤ 15.2\(6\)e0a · ≤ 15.2\(4a\)ea5
cisco
ios xe
denali-16.3.4 · ≤ 15.2\(6\)e0a · ≤ 15.2\(4a\)ea5

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires validation of all input (here, encapsulated DHCP option 82 data) before processing, preventing the crafted-packet trigger that causes the reload.

prevent

Mandates timely installation of vendor patches that correct the incomplete input-validation flaw (CSCvg62754) in the DHCP relay path.

prevent

Requires mechanisms to protect against or limit denial-of-service conditions that result from malformed DHCP relay traffic.

References