CVE-2018-0369

Name of the Vulnerable Software and Affected Versions Cisco Virtualized Packet Core-Single Instance (VPC-SI) (affected versions not specified) Cisco Virtualized Packet Core-Distributed Instance (VPC-DI) (affected versions not specified) Cisco Ultra Packet Core (UPC) (affected versions not specified)

Description A vulnerability in the reassembly logic for fragmented IPv4 packets could allow an unauthenticated, remote attacker to trigger a reload of the npusim process, resulting in a denial of service (DoS) condition. The vulnerability is due to improper handling of fragmented IPv4 packets containing options. An attacker could exploit this vulnerability by sending a malicious IPv4 packet across an affected device, triggering a restart of the npusim process and causing all traffic queued toward this instance to be dropped while the process is restarting.

Recommendations For Cisco Virtualized Packet Core-Single Instance (VPC-SI), consider temporarily disabling the handling of fragmented IPv4 packets containing options until a patch is available. For Cisco Virtualized Packet Core-Distributed Instance (VPC-DI), restrict access to the npusim process to minimize the risk of exploitation. For Cisco Ultra Packet Core (UPC), avoid using the vulnerable reassembly logic for fragmented IPv4 packets until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.