Staros
CVE-2018-0369
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionNVD
A vulnerability in the reassembly logic for fragmented IPv4 packets of Cisco StarOS running on virtual platforms could allow an unauthenticated, remote attacker to trigger a reload of the npusim process, resulting in a denial of service (DoS) condition. There are four instances of the npusim process running per Service Function (SF) instance, each handling a subset of all traffic flowing across the device. It is possible to trigger a reload of all four instances of the npusim process around the same time. The vulnerability is due to improper handling of fragmented IPv4 packets containing options. An attacker could exploit this vulnerability by sending a malicious IPv4 packet across an affected device. An exploit could allow the attacker to trigger a restart of the npusim process, which will result in all traffic queued toward this instance of the npusim process to be dropped while the process is restarting. The npusim process typically restarts within less than a second. This vulnerability affects: Cisco Virtualized Packet Core-Single Instance (VPC-SI), Cisco Virtualized Packet Core-Distributed Instance (VPC-DI), Cisco Ultra Packet Core (UPC). Cisco Bug IDs: CSCvh29613.
AnalysisAI
A vulnerability in the reassembly logic for fragmented IPv4 packets of Cisco StarOS running on virtual platforms could allow an unauthenticated, remote attacker to trigger a reload of the npusim. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-20. A vulnerability in the reassembly logic for fragmented IPv4 packets of Cisco StarOS running on virtual platforms could allow an unauthenticated, remote attacker to trigger a reload of the npusim process, resulting in a denial of service (DoS) condition. There are four instances of the npusim process running per Service Function (SF) instance, each handling a subset of all traffic flowing across the device. It is possible to trigger a reload of all four instances of the npusim process around the same time. The vulnerability is due to improper handling of fragmented IPv4 packets containing options. An attacker could exploit this vulnerability by sending a malicious IPv4 packet across an affected device. An exploit could allow the attacker to trigger a restart of the npusim process, which will result in all traffic queued toward this instance of the npusim process to be dropped while the process is restarting. The npusim process typically restarts within less than a second. This vulnerability affects: Cisco Virtualized Packet Core-Single Instance (VPC-SI), Cisco Virtualized Packet Core-Distributed Instance (VPC-DI), Cisco Ultra Packet Core (UPC). Cisco Bug IDs: CSCvh29613. Affected products include: Cisco Staros.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Erlang/OTP SSH server allows unauthenticated remote code execution by exploiting a flaw in SSH protocol message handling
A vulnerability in the key-based SSH authentication feature of Cisco StarOS Software could allow an authenticated, remot
Multiple vulnerabilities in the authorization process of Cisco ASR 5000 Series Software (StarOS) could allow an authenti
A vulnerability in the IPv4 protocol handling of Cisco StarOS could allow an unauthenticated, remote attacker to cause a
A vulnerability in the IPv6 implementation of Cisco StarOS could allow an unauthenticated, remote attacker to cause a de
A vulnerability in the CLI command-parsing code of the Cisco StarOS operating system for Cisco ASR 5000 Series 11.0 thro
A vulnerability in the SSH service of the Cisco StarOS operating system could allow an unauthenticated, remote attacker
A vulnerability in the internal packet-processing functionality of the Cisco StarOS operating system running on virtual
A vulnerability in the egress packet processing functionality of the Cisco StarOS operating system for Cisco Aggregation
Multiple vulnerabilities in the authorization process of Cisco ASR 5000 Series Software (StarOS) could allow an authenti
A vulnerability in the CLI of Cisco StarOS could allow an authenticated, local attacker to elevate privileges on an affe
A vulnerability in the CLI of Cisco StarOS operating system for Cisco ASR 5000 Series Routers could allow an authenticat
Same weakness CWE-20 – Improper Input Validation
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today