CVE-2018-0418 — Vulnetix

CVE-2018-0418 PUBLISHED CVSS 8.600000381469727 HIGH

A vulnerability in the Local Packet Transport Services (LPTS) feature set of Cisco ASR 9000 Series Aggregation Services Router Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of input and validation checking on certain Precision Time Protocol (PTP) ingress traffic to an affected device. An attacker could exploit this vulnerability by injecting malformed traffic into an affected device. A successful exploit could allow the attacker to cause services on the device to become unresponsive, resulting in a DoS condition. Cisco Bug IDs: CSCvj22858.

EPSS 1.02% · 77.6th percentile

Risk Scores

CVSS 3.1

8.600000381469727

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

EPSS Score

1.02%

77.6th percentile

Affected Products

Vendor	Product	Versions
cisco	ios_xr	0
Cisco Systems, Inc.	ASR 9000 Series Aggregation Services Router Software	*

Exploit Intelligence

1041538 (circl)
105185 (circl)
20180815 Cisco ASR 9000 Series Aggregation Services Routers Precision Time Protocol Denial of Service Vulnerability (circl)

Timeline

Aug 15, 2018 CVE Published
Apr 14, 2021 EPSS Score
Jun 23, 2021 EPSS Score
Aug 24, 2021 EPSS Score
Oct 26, 2021 EPSS Score
Dec 27, 2021 EPSS Score
Feb 28, 2022 EPSS Score
May 2, 2022 EPSS Score
Jul 3, 2022 EPSS Score
Nov 6, 2022 EPSS Score
Jan 8, 2023 EPSS Score
Mar 7, 2023 EPSS Score

References

1041538 vdb
105185 vdb
20180815 Cisco ASR 9000 Series Aggregation Services Routers Precision Time Protocol Denial of Service Vulnerability vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2018-0418 advisory

Open in Interactive Console →