CVE-2018-0189

A vulnerability in the Forwarding Information Base (FIB) code of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, network attacker to cause a denial of service (DoS) condition. The vulnerability is due to a limitation in the way the FIB is internally representing recursive routes. An attacker could exploit this vulnerability by injecting routes into the routing protocol that have a specific recursive pattern. The attacker must be in a position on the network that provides the ability to inject a number of recursive routes with a specific pattern. An exploit could allow the attacker to cause an affected device to reload, creating a DoS condition. Cisco Bug IDs: CSCva91655.

Published: Mar 29, 2018
Updated: Apr 13, 2023
CVE: CVE-2018-0189
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.3
AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS v2:

Severity: High
Score: 7.1
AV:N/AC:M/Au:N/C:N/I:N/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
cisco / ios_xe	-	15.5\(3\)s5
cisco / ios_xe	-	15.5\(3\)m5
cisco / ios_xe	-	15.4\(3\)s7
cisco / ios_xe	-	15.4\(2\)s1
cisco / ios_xe	-	15.4\(1\)s1
cisco / ios_xe	-	15.4\(1\)s0a
cisco / ios_xe	-	15.2\(5\)e1
cisco / ios_xe	-	15.2\(4\)e5
cisco / ios_xe	-	15.2\(2\)e1
cisco / ios_xe	-	15.2\(1\)e1

Vulnerability Database

289,599

CVE-2018-0189