7.1
CWE-371

CVE-2018-0282: Cisco IOS and IOS XE Software TCP Denial of Service Vulnerability

First published: Thu Jan 10 2019

A vulnerability in the TCP socket code of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a state condition between the socket state and the transmission control block (TCB) state. While this vulnerability potentially affects all TCP applications, the only affected application observed so far is the HTTP server. An attacker could exploit this vulnerability by sending specific HTTP requests at a sustained rate to a reachable IP address of the affected software. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition on an affected device.

Credit: ykramarz@cisco.com

Affected Software | Affected Version | How to fix
Cisco IOS | =15.2(2)e4
Cisco IOS XE
Cisco Catalyst 2960-plus 24lc-l
Cisco Catalyst 2960-plus 24lc-s
Cisco Catalyst 2960-plus 24pc-l
Cisco Catalyst 2960-plus 24pc-s
Cisco Catalyst 2960-plus 24tc-l
Cisco Catalyst 2960-plus 24tc-s
Cisco Catalyst 2960-plus 48pst-l
Cisco Catalyst 2960-plus 48pst-s
Cisco Catalyst 2960-plus 48tc-l
Cisco Catalyst 2960-plus 48tc-s
Cisco Catalyst 2960c-12pc-l
Cisco Catalyst 2960c-8pc-l
Cisco Catalyst 2960c-8tc-l
Cisco Catalyst 2960c-8tc-s
Cisco Catalyst 2960cg-8tc-l
Cisco Catalyst 2960cpd-8pt-l
Cisco Catalyst 2960cpd-8tt-l
Cisco Catalyst 2960s-24pd-l
Cisco Catalyst 2960s-24ps-l
Cisco Catalyst 2960s-24td-l
Cisco Catalyst 2960s-24ts-l
Cisco Catalyst 2960s-48fpd-l
Cisco Catalyst 2960s-48fps-l
Cisco Catalyst 2960s-48lpd-l
Cisco Catalyst 2960s-48lps-l
Cisco Catalyst 2960s-48td-l
Cisco Catalyst 2960s-48ts-l
Cisco Catalyst 2960s-48ts-s
Cisco Catalyst 2960s-f24ps-l
Cisco Catalyst 2960s-f24ts-l
Cisco Catalyst 2960s-f24ts-s
Cisco Catalyst 2960s-f48fps-l
Cisco Catalyst 2960s-f48lps-l
Cisco Catalyst 2960s-f48ts-l
Cisco Catalyst 2960s-f48ts-s
Cisco Catalyst 2960x-24pd-l
Cisco Catalyst 2960x-24ps-l
Cisco Catalyst 2960x-24psq-l
Cisco Catalyst 2960x-24td-l
Cisco Catalyst 2960x-24ts-l
Cisco Catalyst 2960x-24ts-ll
Cisco Catalyst 2960x-48fpd-l
Cisco Catalyst 2960x-48fps-l
Cisco Catalyst 2960x-48lpd-l
Cisco Catalyst 2960x-48lps-l
Cisco Catalyst 2960x-48td-l
Cisco Catalyst 2960x-48ts-l
Cisco Catalyst 2960x-48ts-ll
Cisco Catalyst 2960xr-24pd-i
Cisco Catalyst 2960xr-24ps-i
Cisco Catalyst 2960xr-24td-i
Cisco Catalyst 2960xr-24ts-i
Cisco Catalyst 2960xr-48fpd-i
Cisco Catalyst 2960xr-48fps-i
Cisco Catalyst 2960xr-48lpd-i
Cisco Catalyst 2960xr-48lps-i
Cisco Catalyst 2960xr-48td-i
Cisco Catalyst 2960xr-48ts-i
Cisco Catalyst 3560c-12pc-s
Cisco Catalyst 3560c-8pc-s
Cisco Catalyst 3560cg-8pc-s
Cisco Catalyst 3560cg-8tc-s
Cisco Catalyst 3560cpd-8pt-s
Cisco Catalyst 3560x-24p-e
Cisco Catalyst 3560x-24p-l
Cisco Catalyst 3560x-24p-s
Cisco Catalyst 3560x-24t-e
Cisco Catalyst 3560x-24t-l
Cisco Catalyst 3560x-24t-s
Cisco Catalyst 3560x-24u-e
Cisco Catalyst 3560x-24u-l
Cisco Catalyst 3560x-24u-s
Cisco Catalyst 3560x-48p-e
Cisco Catalyst 3560x-48p-l
Cisco Catalyst 3560x-48p-s
Cisco Catalyst 3560x-48pf-e
Cisco Catalyst 3560x-48pf-l
Cisco Catalyst 3560x-48pf-s
Cisco Catalyst 3560x-48t-e
Cisco Catalyst 3560x-48t-l
Cisco Catalyst 3560x-48t-s
Cisco Catalyst 3560x-48u-e
Cisco Catalyst 3560x-48u-l
Cisco Catalyst 3560x-48u-s
Cisco Catalyst 3750x-12s-e
Cisco Catalyst 3750x-12s-s
Cisco Catalyst 3750x-24p-e
Cisco Catalyst 3750x-24p-l
Cisco Catalyst 3750x-24p-s
Cisco Catalyst 3750x-24s-e
Cisco Catalyst 3750x-24s-s
Cisco Catalyst 3750x-24t-e
Cisco Catalyst 3750x-24t-l
Cisco Catalyst 3750x-24t-s
Cisco Catalyst 3750x-24u-e
Cisco Catalyst 3750x-24u-l
Cisco Catalyst 3750x-24u-s
Cisco Catalyst 3750x-48p-e
Cisco Catalyst 3750x-48p-l
Cisco Catalyst 3750x-48p-s
Cisco Catalyst 3750x-48pf-e
Cisco Catalyst 3750x-48pf-l
Cisco Catalyst 3750x-48pf-s
Cisco Catalyst 3750x-48t-e
Cisco Catalyst 3750x-48t-l
Cisco Catalyst 3750x-48t-s
Cisco Catalyst 3750x-48u-e
Cisco Catalyst 3750x-48u-l
Cisco Catalyst 3750x-48u-s
Cisco Catalyst 4500 Supervisor Engine 6-e
Cisco Catalyst 4500 Supervisor Engine 6l-e
Cisco Catalyst 4900m
Cisco Catalyst 4948e
Cisco Catalyst 4948e-f
Cisco Embedded Service 2020 24tc Con
Cisco Embedded Service 2020 24tc Con B
Cisco Embedded Service 2020 24tc Ncp
Cisco Embedded Service 2020 24tc Ncp B
Cisco Embedded Service 2020 Con
Cisco Embedded Service 2020 Con B
Cisco Embedded Service 2020 Ncp
Cisco Embedded Service 2020 Ncp B
Cisco Ie-3010-16s-8pc
Cisco Ie-3010-24tc
Cisco Ie 2000-16ptc-g
Cisco Ie 2000-16t67
Cisco Ie 2000-16t67p
Cisco Ie 2000-16tc
Cisco Ie 2000-16tc-g
Cisco Ie 2000-16tc-g-e
Cisco Ie 2000-16tc-g-n
Cisco Ie 2000-16tc-g-x
Cisco Ie 2000-24t67
Cisco Ie 2000-4s-ts-g
Cisco Ie 2000-4t
Cisco Ie 2000-4t-g
Cisco Ie 2000-4ts
Cisco Ie 2000-4ts-g
Cisco Ie 2000-8t67
Cisco Ie 2000-8t67p
Cisco Ie 2000-8tc
Cisco Ie 2000-8tc-g
Cisco Ie 2000-8tc-g-e
Cisco Ie 2000-8tc-g-n
Cisco Ie 3000-4tc
Cisco Ie 3000-8tc
Cisco Sm-x Layer 2/3 Etherswitch Service Module
