Cyber Resilience

CVE-2018-0174

High · CISA KEV · Active Exploitation · EUVD Exploited

Published: 28 March 2018

Modified: 14 January 2026
KEV Added: 03 March 2022
Patch
CVSS Score v3.1: 8.6 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H)
EPSS Score: 0.0542 (90.4th percentile)
Risk Priority: 40 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2018-0174 is a high-severity Improper Input Validation (CWE-20) vulnerability in Cisco IOS. Its CVSS base score is 8.6 (High).

Operationally, it ranks in the top 9.6% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-10 (Information Input Validation).

Deeper analysis

A vulnerability exists in the DHCP option 82 encapsulation functionality of Cisco IOS Software and Cisco IOS XE Software due to incomplete input validation of option 82 information received in DHCPv4 packets from relay agents. The flaw, tracked under Cisco Bug ID CSCuh91645 and assigned CWE-20, permits an unauthenticated remote attacker to trigger a device reload by sending a specially crafted DHCPv4 packet, resulting in a denial-of-service condition. The issue carries a CVSS 3.1 base score of 8.6, reflecting network attack vector, low complexity, and high availability impact with changed scope.

An unauthenticated remote attacker can exploit the weakness by transmitting a crafted DHCPv4 packet containing malformed option 82 data toward an affected Cisco IOS or IOS XE device acting as a DHCP server or relay. Successful exploitation causes the device to reload, producing a denial-of-service condition without requiring authentication or user interaction.

Cisco has published Security Advisory cisco-sa-20180328-dhcpr3 along with related ICS-CERT advisories ICSA-18-107-04 and ICSA-18-107-05 that address the issue; additional details appear in SecurityFocus BID 103554 and SecurityTracker ID 1040591.

EU & UK References

Vulnerability details

A vulnerability in the DHCP option 82 encapsulation functionality of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software performs incomplete input validation of option 82 information that it receives in DHCP Version 4 (DHCPv4) packets from DHCP relay agents. An attacker could exploit this vulnerability by sending a crafted DHCPv4 packet to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Cisco Bug IDs: CSCuh91645.

CWE(s)
KEV Date Added: 03 March 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

cisco ios: 12.2(33)sre7a · ≤ 15.2(4a)ea5 · ≤ 15.2(6)e0a
cisco ios xe: 12.2(33)sre7a · ≤ 15.2(4a)ea5 · ≤ 15.2(6)e0a

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires validation of all inputs (here DHCPv4 option 82 data) before processing, eliminating the malformed-packet root cause.

prevent

Mandates protection against or limitation of DoS effects, specifically countering the device reload triggered by crafted DHCP packets.

prevent

Boundary-protection mechanisms can filter or drop malformed DHCPv4 packets at network ingress before they reach the vulnerable IOS stack.
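
The input-validation control described above, as an added example that is not from this page or from Cisco: a Python structural check on DHCPv4 option 82 (RFC 3046 code/length/value sub-options) that rejects any declared length overrunning its container. It shows generic length validation, not the specific malformation behind CVE-2018-0174, which the page does not describe; the function names and sample byte strings are constructed for illustration.

```python
RELAY_AGENT_INFO = 82  # Relay Agent Information option (RFC 3046)
PAD, END = 0, 255      # single-byte options that carry no length field


def parse_suboptions(data):
    """Split option 82 data into (code, value) pairs, checking every length."""
    subopts, i = [], 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError(f"option 82: truncated sub-option header at offset {i}")
        code, length = data[i], data[i + 1]
        if i + 2 + length > len(data):
            raise ValueError(f"option 82: sub-option {code} length {length} overruns option")
        subopts.append((code, data[i + 2:i + 2 + length]))
        i += 2 + length
    return subopts


def validate_option82(options):
    """Walk a DHCPv4 options field (the bytes after the magic cookie).

    Returns the option 82 sub-options ([] if the option is absent) and
    raises ValueError on the first length that overruns its container.
    """
    subopts, i = [], 0
    while i < len(options):
        code = options[i]
        if code == END:
            break
        if code == PAD:
            i += 1
            continue
        if i + 2 > len(options):
            raise ValueError(f"option {code}: missing length byte")
        length = options[i + 1]
        if i + 2 + length > len(options):
            raise ValueError(f"option {code}: length {length} overruns packet")
        if code == RELAY_AGENT_INFO:
            subopts += parse_suboptions(options[i + 2:i + 2 + length])
        i += 2 + length
    return subopts


# Constructed sample option fields (not captured traffic).
# Sub-option 1 is Agent Circuit ID, sub-option 2 is Agent Remote ID.
GOOD = bytes([53, 1, 1, 82, 10, 1, 4]) + b"eth0" + bytes([2, 2]) + b"r1" + bytes([END])
BAD_SUBOPTION = bytes([82, 4, 1, 9]) + b"ab" + bytes([END])  # sub-option claims 9 bytes
BAD_OPTION = bytes([82, 20, 1, 2]) + b"ab"                   # option claims 20 bytes
```

A monitoring or filtering point can call `validate_option82` on each DHCPv4 options field and drop or log the packet when it raises `ValueError`.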

References