PT-2018-2104 · Cisco · Cisco Ios Xe

Published

2018-09-26

Updated

2019-10-09

CVE-2018-0480

CVSS v3.1

6.1

Medium

Vector

AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Cisco IOS XE Software (affected versions not specified)

Description A vulnerability in the errdisable per VLAN feature could allow an unauthenticated, adjacent attacker to cause the device to crash, leading to a denial of service (DoS) condition. The issue is due to a race condition that occurs when the VLAN and port enter an errdisabled state, resulting in an incorrect state in the software. An attacker could exploit this by sending frames that trigger the errdisable condition, potentially causing the affected device to crash.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Race Condition

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-362

Related Identifiers

BDU:2019-00055

CVE-2018-0480

Affected Products

Cisco Ios Xe

PT-2018-2104 · Cisco · Cisco Ios Xe

CVE-2018-0480

Weakness Enumeration

Related Identifiers

Affected Products

References · 7