CVE-2018-0418

Description

A vulnerability in the Local Packet Transport Services (LPTS) feature set of Cisco ASR 9000 Series Aggregation Services Router Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of input and validation checking on certain Precision Time Protocol (PTP) ingress traffic to an affected device. An attacker could exploit this vulnerability by injecting malformed traffic into an affected device. A successful exploit could allow the attacker to cause services on the device to become unresponsive, resulting in a DoS condition. Cisco Bug IDs: CSCvj22858.

Risk Information

Base Score

8.6

MODERATE

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

EPSS Score

Exploitation Probability

1.211

Associated Vulnerability

Vulnerability	OS Platform
Cisco ASR 9000 Series Aggregation Services Routers Precision Time Protocol Denial of Service Vulnerability For Cisco ASR 9000 Series Aggregation Services Routers	NCM
Improper Input Validation Vulnerability (CVE-2018-0418)	NCM

Patch Details

Click to see the patches provided by ManageEngine for this CVE

Patch ID	Patch Description
PATCH-1705564	Security Update for Cisco ASR 9000 Series Aggregation Services Routers 5.3.0.1i.BASE

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234