version 18.2R1-S9 and later versions prior to 18.2R1-S13; 19 version 19R1-S4 and later versions prior to 19R1-S7; 20 version 20R1-S3 and later versions prior to 20R1-S6; 20.1 version 20.1R1-S8 and later versions prior to 20.1R1-S13; 20.2 version 20.2R1-S11 and later versions prior to 20.2R1-S14; 21 version 21R1-S1 and later versions prior to 21R1-S2; 22 version 22R1-S1 and later versions prior to 22R1-S2. Vulnerabilities have been assigned the following identifiers: CVE-2018-9243, CVE-2018-9244, CVE-2018-9245, CVE-2018-9246, CVE-2018-9247, CVE-2018-9248, CVE-2018-9249, CVE-2018-9250. The following describes the details of the vulnerabilities. A remote attacker may be able to cause a Denial of Service (DoS) by sending crafted genuine packets to a device. During an attack, the routing protocol daemon (rpd) CPU may reach 100% utilization, yet FPC CPUs forwarding traffic will operate normally. This attack occurs when the attackers' packets are sent over an IPv4 unicast
Vulnerability Overview
A remote attacker may be able to cause a Denial of Service (DoS) by sending crafted genuine packets to a device. During an attack, the routing protocol daemon (rpd) CPU may reach 100% utilization, yet FPC CPUs forwarding traffic will operate normally. This attack occurs when the attackers' packets are sent over an IPv4 unicast or multicast address.
Vulnerability determined
The vulnerabilities have been assigned CVE-2018-9243, CVE-2018-9244, CVE-2018-9245, CVE-2018-9246, CVE-2018-9247, CVE-2018-9248, and CVE-2018-9250. The following describes the details of the vulnerabilities.
A remote attacker may be able to cause a Denial of Service (DoS) by sending crafted genuine packets to a device. During an attack, the routing protocol daemon (rpd) CPU may reach 100% utilization, yet FPC CPUs forwarding traffic will operate normally. This attack occurs when the attackers' packets are sent over an IPv4 unicast address.
CVE-2018-9243
A remote attacker can cause a Denial of Service (DoS) by sending crafted genuine packets to a device. During an attack, the routing protocol daemon (rpd) CPU may reach 100% utilization, yet FPC CPUs forwarding traffic will operate normally. This attack occurs when the attackers' packets are sent over an IPv4 unicast route with a large and variable metric value.
Discovery and Observations
1) The vulnerabilities were identified by the Cisco Talos Security Intelligence and Research Group.
2) These vulnerabilities affect devices that have IPv4 Unicast routing configured as their default route.
3) In order to exploit these vulnerabilities, an attacker would need to send crafted genuine packets to a device.
4) The attack is successful when the routing protocol daemon (rpd) CPU reaches 100% utilization and yet FPC CPUs forwarding traffic will operate normally.
5) Cisco has released software updates in order to address these vulnerabilities.
Timeline
Published on: 01/19/2022 01:15:00 UTC
Last modified on: 01/31/2022 18:17:00 UTC