Yet another vulnerability, identified as CVE-2018-0369, in Cisco software has been patched. Rated severe, the flaw is described as an IPv4 Fragmentation vulnerability which could lead to a denial of service if used with three other medium severity bugs.
CVE-2018-0369 Technical Details
The vulnerability stems from improper handling of fragmented IPv4 packets containing options.
More specifically, an attacker could exploit the flaw by sending a malicious IPv4 packet carrying options across vulnerable devices. According to the official Cisco advisory, the vulnerability in the reassembly logic for fragmented IPv4 packets of Cisco StarOS running on virtual platforms could allow an unauthenticated, remote attacker to trigger a reload of the npusim process, resulting in a denial of service (DoS) condition.
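The packet class the advisory describes, a fragmented IPv4 packet that also carries options, can be recognised from the header alone when reviewing captured traffic. The Python sketch below is an added example, not code from Cisco or from the original article; the function names and the sample headers are constructed for illustration.

```python
import struct

def parse_options(raw: bytes) -> list:
    """Walk the IPv4 options area; return option type bytes (padding excluded)."""
    types, i = [], 0
    while i < len(raw):
        opt = raw[i]
        if opt == 0:                      # End of Option List
            break
        if opt == 1:                      # No-Operation: single byte, no length
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError("option is missing its length byte")
        length = raw[i + 1]
        if length < 2 or i + length > len(raw):
            raise ValueError("option length runs outside the header")
        types.append(opt)
        i += length
    return types

def classify_ipv4(header: bytes) -> dict:
    """Report whether an IPv4 header belongs to a fragment that carries options."""
    if len(header) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len, _ident, flags_frag = struct.unpack("!BBHHH", header[:8])
    ihl = ver_ihl & 0x0F
    if ver_ihl >> 4 != 4 or ihl < 5 or ihl * 4 > len(header) or total_len < ihl * 4:
        raise ValueError("not a valid IPv4 header")
    more_fragments = bool(flags_frag & 0x2000)
    offset_bytes = (flags_frag & 0x1FFF) * 8      # field counts 8-byte units
    is_fragment = more_fragments or offset_bytes > 0
    return {"is_fragment": is_fragment, "offset_bytes": offset_bytes,
            "option_types": parse_options(header[20:ihl * 4]),
            "fragment_with_options": is_fragment and ihl > 5}

def sample_header(mf: bool, offset_units: int, options: bytes = b"") -> bytes:
    """Constructed test input: documentation addresses, checksum left at zero."""
    ihl = 5 + len(options) // 4
    return struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4 + 8, 0x1234,
                       (0x2000 if mf else 0) | offset_units, 64, 17, 0,
                       bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1])) + options

ROUTER_ALERT = bytes([0x94, 0x04, 0x00, 0x00])   # option type 148, length 4

if __name__ == "__main__":
    for name, hdr in [("plain", sample_header(False, 0)),
                      ("fragment, no options", sample_header(False, 185)),
                      ("fragment with options", sample_header(True, 0, ROUTER_ALERT))]:
        print(name, classify_ipv4(hdr))
```

A header that matches only means the packet belongs to the class the advisory names; it is a triage signal for traffic toward affected instances, not proof of an exploitation attempt.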
Which devices are affected by CVE-2018-0369?
As explained in the advisory, the vulnerability affects the following Cisco products running any release of the StarOS operating system prior to the first fixed release:
– Cisco Virtualized Packet Core-Single Instance (VPC-SI);
– Cisco Virtualized Packet Core-Distributed Instance (VPC-DI);
– Cisco Ultra Packet Core (UPC).
Here is a list of the devices that are not affected by the vulnerability:
– Cisco ASR 5000 Series Aggregation Services Routers;
– Cisco Elastic Services Controllers (ESC);
– Cisco Ultra Automation Services (UAS).
The medium severity vulnerabilities include a FireSIGHT system software file policy bypass vulnerability, a FireSIGHT system software URL-based access control policy bypass flaw, and a web security appliance cross-site scripting flaw.
To determine whether a vulnerable release of Cisco StarOS is running on an affected instance, administrators can use the show version command in the device CLI, Cisco said. The company has also released free software updates that address CVE-2018-0369.
It is highly advisable to patch affected devices. Just last month there were reports about another vulnerability, CVE-2018-0296, rated high severity and affecting Cisco ASA and Firepower security appliances. The flaw was actively exploited in the wild after an exploit for it showed up online a few days prior to the attacks.