Denial of Service Vulnerability in Cisco Virtualized Packet Core-Distributed Instance Software
CVE-2018-0117

8.6HIGH

Key Information:

Vendor: Cisco
Status: Cisco Virtualized Packet Core-distributed Instance
Vendor: CVE Published:; 8 February 2018

Summary

A vulnerability exists in the ingress packet processing capabilities of Cisco's Virtualized Packet Core-Distributed Instance (VPC-DI) Software, allowing an unauthenticated remote attacker to exploit it. By sending specially crafted traffic to the internal distributed instance network address, an attacker can trigger an unhandled error condition that forces both control function (CF) instances to reload, effectively disconnecting all subscribers and causing a complete denial of service. This poses significant risks to network continuity and service availability across affected systems running Cisco StarOS versions 19.2 to 21.3.

Affected Version(s)

Cisco Virtualized Packet Core-Distributed Instance Cisco Virtualized Packet Core-Distributed Instance

References

http://www.securityfocus.com/bid/102970

vdb-entryx_refsource_BID

https://tools.cisco.com/security/center/content/CiscoSecu...

x_refsource_CONFIRM

CVSS V3.1

Score:

8.6

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Feb 8, 2018
Vulnerability Reserved
Nov 27, 2017