← Back

CVE-2018-0421

nvd nist
Published: Oct 5, 2018Modified: Nov 21, 2024

JSON object

Loading...
8.6
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Exploitability: 3.9 / Impact: 4.0
Source: NVD

Description

A vulnerability in TCP connection management in Cisco Prime Access Registrar could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition when the application unexpectedly restarts. The vulnerability is due to incorrect handling of incoming TCP SYN packets to specific listening ports. The improper handling of the TCP SYN packets could cause a system file description to be allocated and not freed. An attacker could exploit this vulnerability by sending a crafted stream of TCP SYN packets to the application. A successful exploit could allow the attacker to cause the application to eventually restart if a file description cannot be obtained.

Affected (4)

Cisco
2 products
Prime Access Registrar
Prime Access Registrar Jumpstart
Configuration A
4 vulnerable
Vulnerable SoftwareAffected Versions
Cisco
Prime Access Registrar
From 7.3 to 7.3.0.4
Prime Access Registrar
From 8.0 to 8.0.1.1
Cisco
Prime Access Registrar Jumpstart
From 7.3 to 7.3.0.4
Prime Access Registrar Jumpstart
From 8.0 to 8.0.1.1

Related CWEs

CWE-399
CWE-399
CWE-772
Missing Release of Resource after Effective Lifetime
The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.

References (6)

Source: psirt@cisco.com
Third Party AdvisoryVDB Entry
Source: psirt@cisco.com
Third Party AdvisoryVDB Entry
Source: psirt@cisco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.