CVE-2018-0174
Published: 28 March 2018
Summary
CVE-2018-0174 is a high-severity Improper Input Validation (CWE-20) vulnerability in Cisco IOS. Its CVSS base score is 8.6 (High).
Operationally, it is ranked in the top 9.6% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-10 (Information Input Validation).
Deeper analysis
A vulnerability exists in the DHCP option 82 encapsulation functionality of Cisco IOS Software and Cisco IOS XE Software due to incomplete input validation of option 82 information received in DHCPv4 packets from relay agents. The flaw, tracked under Cisco Bug ID CSCuh91645 and assigned CWE-20, permits an unauthenticated remote attacker to trigger a device reload by sending a specially crafted DHCPv4 packet, resulting in a denial-of-service condition. The issue carries a CVSS 3.1 base score of 8.6, reflecting network attack vector, low complexity, and high availability impact with changed scope.
An unauthenticated remote attacker can exploit the weakness by transmitting a crafted DHCPv4 packet containing malformed option 82 data toward an affected Cisco IOS or IOS XE device acting as a DHCP server or relay. Successful exploitation causes the device to reload, producing a denial-of-service condition without requiring authentication or user interaction.
Cisco has published Security Advisory cisco-sa-20180328-dhcpr3 along with related ICS-CERT advisories ICSA-18-107-04 and ICSA-18-107-05 that address the issue; additional details appear in SecurityFocus BID 103554 and SecurityTracker ID 1040591.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2018-0997
Vulnerability details
A vulnerability in the DHCP option 82 encapsulation functionality of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software performs incomplete input validation of option 82 information that it receives in DHCP Version 4 (DHCPv4) packets from DHCP relay agents. An attacker could exploit this vulnerability by sending a crafted DHCPv4 packet to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Cisco Bug IDs: CSCuh91645.
- CWE(s)
- KEV Date Added: 03 March 2022
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): Directly requires validation of all inputs (here DHCPv4 option 82 data) before processing, eliminating the malformed-packet root cause.
- SC-5 (Denial-of-service Protection): Mandates protection against or limitation of DoS effects, specifically countering the device reload triggered by crafted DHCP packets.
- Boundary-protection mechanisms can filter or drop malformed DHCPv4 packets at network ingress before they reach the vulnerable IOS stack.