Denial of Service Vulnerability in Cisco ASR 5000 and Virtualized Packet Core Software
CVE-2018-0273

5.3MEDIUM

Key Information:

Vendor
Cisco
Status
Cisco Staros Ipsec Manager
Vendor
CVE Published:
19 April 2018

Summary

A weakness in the IPsec Manager of Cisco StarOS can be exploited by an unauthenticated, remote user to disrupt existing IPsec VPN tunnels. This occurs through the improper processing of maliciously crafted Internet Key Exchange Version 2 (IKEv2) messages. As a result, the ipsecmgr service may need to be reloaded, leading to the termination of all active IPsec VPN connections and preventing new tunnels from being created, thereby affecting network availability.

Affected Version(s)

Cisco StarOS IPsec Manager Cisco StarOS IPsec Manager

References

https://tools.cisco.com/security/center/content/CiscoSecu...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/103935
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1040721
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.