CVE-2018-0282 (CNNVD-201901-255)
中文标题:
Cisco IOS和IOS XE Software 安全漏洞
英文标题:
Cisco IOS and IOS XE Software TCP Denial of Service Vulnerability
漏洞描述
中文描述:
Cisco IOS和IOS XE都是美国思科(Cisco)公司的一套为其网络设备开发的操作系统。 Cisco IOS和IOS XE Software中的TCP套接字代码存在拒绝服务漏洞。远程攻击者可利用该漏洞造成拒绝服务(设备重载)。
英文描述:
A vulnerability in the TCP socket code of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a state condition between the socket state and the transmission control block (TCB) state. While this vulnerability potentially affects all TCP applications, the only affected application observed so far is the HTTP server. An attacker could exploit this vulnerability by sending specific HTTP requests at a sustained rate to a reachable IP address of the affected software. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition on an affected device.
CWE类型:
标签:
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| Cisco | Cisco IOS | n/a | - | - |
cpe:2.3:a:cisco:cisco_ios:n_a:*:*:*:*:*:*:*
|
| cisco | ios | 15.2\(2\)e4 | - | - |
cpe:2.3:o:cisco:ios:15.2\(2\)e4:*:*:*:*:*:*:*
|
| cisco | ios_xe | - | - | - |
cpe:2.3:o:cisco:ios_xe:-:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
CVSS评分详情
3.0 (cna)
MEDIUMCVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2018-0282 |
2025-11-11 15:19:35 | 2025-11-11 07:34:57 |
| NVD | nvd_CVE-2018-0282 |
2025-11-11 14:56:02 | 2025-11-11 07:43:33 |
| CNNVD | cnnvd_CNNVD-201901-255 |
2025-11-11 15:10:08 | 2025-11-11 07:54:17 |
版本与语言
安全公告
变更历史
查看详细变更
- vulnerability_type: 未提取 -> 其他
- cnnvd_id: 未提取 -> CNNVD-201901-255
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
查看详细变更
- affected_products_count: 1 -> 3
- data_sources: ['cve'] -> ['cve', 'nvd']