An attacker could exploit this vulnerability by sending a crafted BFD message to or across an affected switch. The vulnerability is due to insufficient error handling when the BFD header in a BFD packet is incomplete. 3.2.3 7PK – ERRORS CWE-388Ī vulnerability in the Bidirectional Forwarding Detection (BFD) offload implementation could allow an unauthenticated remote attacker to cause a crash of the iosd process, causing a DoS condition. A CVSS v3 base score of 8.6 has been assigned the CVSS vector string is ( AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H). An attacker could exploit this vulnerability by sending a crafted packet to an affected device on TCP port 4786.ĬVE-2018-0156 has been assigned to this vulnerability. The vulnerability is due to improper validation of packet data. 3.2.2 RESOURCE MANAGEMENT ERRORS CWE-399Ī vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated remote attacker to trigger a reload of an affected device, resulting in a DoS condition. A CVSS v3 base score of 9.8 has been calculated the CVSS vector string is ( AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). A successful exploit could allow the attacker to cause a buffer overflow on the affected device.ĬVE-2018-0171 has been assigned to this vulnerability. ![]() An attacker could exploit this vulnerability by sending a crafted Smart Install message to an affected device on TCP port 4786. Allen-Bradley Stratix 8300 Industrial Managed Ethernet Switches, versions 15.2(4a)EA5 and earlier.ģ.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER INPUT VALIDATION CWE-20Ī vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition, or to execute arbitrary code on an affected device.The following versions of Allen-Bradley Stratix Industrial Managed Ethernet Switch use a vulnerable version of Cisco IOS or IOS XE: Successful exploitation of these vulnerabilities could result in loss of availability, confidentiality, and/or integrity caused by memory exhaustion, module restart, information corruption, and/or information exposure. Vulnerabilities: Improper Input Validation, Resource Management Errors, 7PK – Errors, Improper Restriction of Operations within the Bounds of a Memory Buffer, Use of Externally-Controlled Format String. ![]() Equipment: Allen-Bradley Stratix Industrial Managed Ethernet Switch.ATTENTION: Exploitable remotely/low skill level to exploit.
0 Comments
Leave a Reply. |