一、 漏洞 CVE-2018-0239 基础信息
漏洞标题
N/A
来源:AIGC 神龙大模型
漏洞描述信息
Cisco StarOS操作系统中出射数据包处理功能的漏洞可能会导致未验证的远程攻击者停止设备上的接口转发数据包。设备可能需要手动重新加载以清除此接口转发拒绝服务状态。该漏洞是由于未正确检查要传输的数据包长度不超过网络接口卡(NIC)的最大支持长度而无法检测到的。攻击者可以通过向目标设备上的接口发送精心构造的IP数据包或一系列精心构造的IP碎片来利用此漏洞。成功利用此漏洞可能导致攻击者使网络接口停止转发数据包。该漏洞可能是由于IPv4或IPv6网络流量触发的。当运行StarOS操作系统的以下 Cisco产品并且在设备上安装虚拟接口卡时,该漏洞会影响它们:Aggregation Services Router (ASR) 5700 Series,虚拟ized Packet Core-分布式实例(VPC-DI)系统软件,虚拟ized Packet Core-单实例(VPC-SI)系统软件。Cisco Bug ID: CSCvf32385。
来源:AIGC 神龙大模型
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
来源:AIGC 神龙大模型
漏洞类别
N/A
来源:AIGC 神龙大模型
漏洞标题
N/A
来源:美国国家漏洞数据库 NVD
漏洞描述信息
A vulnerability in the egress packet processing functionality of the Cisco StarOS operating system for Cisco Aggregation Services Router (ASR) 5700 Series devices and Virtualized Packet Core (VPC) System Software could allow an unauthenticated, remote attacker to cause an interface on the device to cease forwarding packets. The device may need to be manually reloaded to clear this Interface Forwarding Denial of Service condition. The vulnerability is due to the failure to properly check that the length of a packet to transmit does not exceed the maximum supported length of the network interface card (NIC). An attacker could exploit this vulnerability by sending a crafted IP packet or a series of crafted IP fragments through an interface on the targeted device. A successful exploit could allow the attacker to cause the network interface to cease forwarding packets. This vulnerability could be triggered by either IPv4 or IPv6 network traffic. This vulnerability affects the following Cisco products when they are running the StarOS operating system and a virtual interface card is installed on the device: Aggregation Services Router (ASR) 5700 Series, Virtualized Packet Core-Distributed Instance (VPC-DI) System Software, Virtualized Packet Core-Single Instance (VPC-SI) System Software. Cisco Bug IDs: CSCvf32385.
来源:美国国家漏洞数据库 NVD
CVSS信息
N/A
来源:美国国家漏洞数据库 NVD
漏洞类别
输入验证不恰当
来源:美国国家漏洞数据库 NVD
漏洞标题
Cisco Aggregation Services Router 5000 Series Routers和Virtualized Packet Core System Software StarOS 输入验证错误漏洞
来源:中国国家信息安全漏洞库 CNNVD
漏洞描述信息
Cisco Aggregation Services Router(ASR)5000 Series Routers和Virtualized Packet Core(VPC)System Software都是美国思科(Cisco)公司的产品。Cisco Aggregation Services Router(ASR)5000 Series Routers是一款5000系列的安全路由器设备。Virtualized Packet Core(VPC)System Software是一套被部署在专用硬件平台的Sta
来源:中国国家信息安全漏洞库 CNNVD
CVSS信息
N/A
来源:中国国家信息安全漏洞库 CNNVD
漏洞类别
输入验证错误
来源:中国国家信息安全漏洞库 CNNVD
二、漏洞 CVE-2018-0239 的公开POC
# POC 描述 源链接 神龙链接
三、漏洞 CVE-2018-0239 的情报信息