CVE-2018-0480
low-risk
Published 2018-10-05
A vulnerability in the errdisable per VLAN feature of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause the device to crash, leading to a denial of service (DoS) condition. The vulnerability is due to a race condition that occurs when the VLAN and port enter an errdisabled state, resulting in an incorrect state in the software. An attacker could exploit this vulnerability by sending frames that trigger the errdisable condition. A successful exploit could allow the attacker to cause the affected device to crash, leading to a DoS condition.
Do I need to act?
-
0.17% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.1/10
Medium
ADJACENT_NETWORK
/ HIGH complexity
Affected Products (1)
Affected Vendors
References (6)
Third Party Advisory
http://www.securityfocus.com/bid/105400
Third Party Advisory
http://www.securitytracker.com/id/1041737
Third Party Advisory
http://www.securityfocus.com/bid/105400
Third Party Advisory
http://www.securitytracker.com/id/1041737
22
/ 100
low-risk
Severity
16/34 · Moderate
Exploitability
1/34 · Minimal
Exposure
5/34 · Minimal