製品・ソフトウェアに関する情報

JVN脆弱性詳細

Cisco IOS XE ソフトウェアにおけるデータ処理に関する脆弱性

Title	Cisco IOS XE ソフトウェアにおけるデータ処理に関する脆弱性
Summary	Cisco IOS XE ソフトウェアには、データ処理に関する脆弱性が存在します。ベンダは、本脆弱性を Bug ID CSCvf60296 として公開しています。
Possible impacts	サービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	March 28, 2018, midnight
Registration Date	May 28, 2018, 3:18 p.m.
Last Update	May 28, 2018, 3:18 p.m.

Affected System

シスコシステムズ

Cisco IOS XE Everest-16.4.1

Cisco IOS XE Everest-16.4.2

Cisco IOS XE Everest-16.5.1

Cisco IOS XE Everest-16.5.1b

Cisco IOS XE Everest-16.6.1

Cisco IOS XE Everest-16.6.1a

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2018-0157	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0157
National Vulnerability Database (NVD)
2	CVE-2018-0157	https://nvd.nist.gov/vuln/detail/CVE-2018-0157

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-19	https://cwe.mitre.org/data/definitions/19.html

ベンダー情報

No	Name	URL
Cisco Security Advisory
1	cisco-sa-20180328-fwip	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-fwip

Change Log

No	Changed Details	Date of change
1	[2018年05月28日] 掲載	May 28, 2018, 3:18 p.m.

NVD Vulnerability Information

CVE-2018-0157

Summary	A vulnerability in the Zone-Based Firewall code of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a device to reload. The vulnerability is due to the way fragmented packets are handled in the firewall code. An attacker could exploit this vulnerability by sending fragmented IP Version 4 or IP Version 6 packets through an affected device. An exploit could allow the attacker to cause the device to crash, resulting in a denial of service (DoS) condition. The following releases of Cisco IOS XE Software are vulnerable: Everest-16.4.1, Everest-16.4.2, Everest-16.5.1, Everest-16.5.1b, Everest-16.6.1, Everest-16.6.1a. Cisco Bug IDs: CSCvf60296.
Publication Date	March 29, 2018, 7:29 a.m.
Registration Date	March 1, 2021, 6:35 p.m.
Last Update	Nov. 21, 2024, 12:37 p.m.

Affected software configurations

Related information, measures and tools

No	URL	タグ
1	http://www.securityfocus.com/bid/103561	Third Party Advisory VDB Entry
2	http://www.securityfocus.com/bid/103561	Third Party Advisory VDB Entry
3	http://www.securitytracker.com/id/1040593	Third Party Advisory VDB Entry
4	http://www.securitytracker.com/id/1040593	Third Party Advisory VDB Entry
5	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-fwip	Vendor Advisory
6	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-fwip	Vendor Advisory

Common Vulnerabilities List