CVE-2018-0117

Name of the Vulnerable Software and Affected Versions: Cisco Virtualized Packet Core-Distributed Instance (VPC-DI) Software versions N4.0 through N5.5 Cisco StarOS operating system versions 19.2 through 21.3

Description: A vulnerability in the ingress packet processing functionality could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition by sending malicious traffic to the internal distributed instance network address. The issue is due to insufficient handling of user-supplied data, which could cause an unhandled error condition, leading to the reload of control function instances and the entire system, resulting in the disconnection of all subscribers.

Recommendations: For Cisco Virtualized Packet Core-Distributed Instance (VPC-DI) Software versions N4.0 through N5.5, update the software to a version that includes the fix for Cisco Bug ID CSCve17656. For Cisco StarOS operating system versions 19.2 through 21.3, ensure the operating system is updated to a version that includes the necessary security patches to mitigate this issue.