← Volver a CVEs
CVE-2018-0156
HIGHCISA KEV7.5
Descripcion
A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper validation of packet data. An attacker could exploit this vulnerability by sending a crafted packet to an affected device on TCP port 4786. Only Smart Install client switches are affected. Cisco devices that are configured as a Smart Install director are not affected by this vulnerability. Cisco Bug IDs: CSCvd40673.
Detalles CVE
Puntuacion CVSS v3.17.5
SeveridadHIGH
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado3/28/2018
Ultima modificacion1/13/2026
Fuentekev
Avistamientos honeypot0
CISA KEV
VendedorCisco
ProductoIOS Software and Cisco IOS XE Software
Nombre vulnerabilidadCisco IOS Software and Cisco IOS XE Software Smart Install Denial-of-Service Vulnerability
Fecha inclusion KEV2022-03-03
Fecha limite remediacion2022-03-17
Uso en ransomwareUnknown
Productos afectados
cisco:catalyst_2960-plus_24lc-lcisco:catalyst_2960-plus_24lc-scisco:catalyst_2960-plus_24pc-lcisco:catalyst_2960-plus_24pc-scisco:catalyst_2960-plus_24tc-lcisco:catalyst_2960-plus_24tc-scisco:catalyst_2960-plus_48pst-lcisco:catalyst_2960-plus_48pst-scisco:catalyst_2960-plus_48tc-lcisco:catalyst_2960-plus_48tc-scisco:catalyst_2960c-12pc-lcisco:catalyst_2960c-8pc-lcisco:catalyst_2960c-8tc-lcisco:catalyst_2960c-8tc-scisco:catalyst_2960cg-8tc-lcisco:catalyst_2960cpd-8pt-lcisco:catalyst_2960cpd-8tt-lcisco:catalyst_2960s-24pd-lcisco:catalyst_2960s-24ps-lcisco:catalyst_2960s-24td-lcisco:catalyst_2960s-24ts-lcisco:catalyst_2960s-24ts-scisco:catalyst_2960s-48fpd-lcisco:catalyst_2960s-48fps-lcisco:catalyst_2960s-48lpd-lcisco:catalyst_2960s-48lps-lcisco:catalyst_2960s-48td-lcisco:catalyst_2960s-48ts-lcisco:catalyst_2960s-48ts-scisco:catalyst_2960s-f24ps-lcisco:catalyst_2960s-f24ts-lcisco:catalyst_2960s-f24ts-scisco:catalyst_2960s-f48fps-lcisco:catalyst_2960s-f48lps-lcisco:catalyst_2960s-f48ts-lcisco:catalyst_2960s-f48ts-scisco:catalyst_2960x-24pd-lcisco:catalyst_2960x-24ps-lcisco:catalyst_2960x-24psq-l_coolcisco:catalyst_2960x-24td-lcisco:catalyst_2960x-24ts-lcisco:catalyst_2960x-24ts-llcisco:catalyst_2960x-48fpd-lcisco:catalyst_2960x-48fps-lcisco:catalyst_2960x-48lpd-lcisco:catalyst_2960x-48lps-lcisco:catalyst_2960x-48td-lcisco:catalyst_2960x-48ts-lcisco:catalyst_2960x-48ts-llcisco:catalyst_2960xr-24pd-icisco:catalyst_2960xr-24ps-icisco:catalyst_2960xr-24td-icisco:catalyst_2960xr-24ts-icisco:catalyst_2960xr-48fpd-icisco:catalyst_2960xr-48fps-icisco:catalyst_2960xr-48lpd-icisco:catalyst_2960xr-48lps-icisco:catalyst_2960xr-48td-icisco:catalyst_2960xr-48ts-icisco:catalyst_3560c-12pc-scisco:catalyst_3560c-8pc-scisco:catalyst_3560cg-8pc-scisco:catalyst_3560cg-8tc-scisco:catalyst_3560cpd-8pt-scisco:catalyst_3560x-24p-ecisco:catalyst_3560x-24p-lcisco:catalyst_3560x-24p-scisco:catalyst_3560x-24t-ecisco:catalyst_3560x-24t-lcisco:catalyst_3560x-24t-scisco:catalyst_3560x-24u-ecisco:catalyst_3560x-24u-lcisco:catalyst_3560x-24u-scisco:catalyst_3560x-48p-ecisco:catalyst_3560x-48p-lcisco:catalyst_3560x-48p-scisco:catalyst_3560x-48pf-ecisco:catalyst_3560x-48pf-lcisco:catalyst_3560x-48pf-scisco:catalyst_3560x-48t-ecisco:catalyst_3560x-48t-lcisco:catalyst_3560x-48t-scisco:catalyst_3560x-48u-ecisco:catalyst_3560x-48u-lcisco:catalyst_3560x-48u-scisco:catalyst_3750x-12s-ecisco:catalyst_3750x-12s-scisco:catalyst_3750x-24p-ecisco:catalyst_3750x-24p-lcisco:catalyst_3750x-24p-scisco:catalyst_3750x-24s-ecisco:catalyst_3750x-24s-scisco:catalyst_3750x-24t-ecisco:catalyst_3750x-24t-lcisco:catalyst_3750x-24t-scisco:catalyst_3750x-24u-ecisco:catalyst_3750x-24u-lcisco:catalyst_3750x-24u-scisco:catalyst_3750x-48p-ecisco:catalyst_3750x-48p-lcisco:catalyst_3750x-48p-scisco:catalyst_3750x-48pf-ecisco:catalyst_3750x-48pf-lcisco:catalyst_3750x-48pf-scisco:catalyst_3750x-48t-ecisco:catalyst_3750x-48t-lcisco:catalyst_3750x-48t-scisco:catalyst_3750x-48u-ecisco:catalyst_3750x-48u-lcisco:catalyst_3750x-48u-scisco:catalyst_4500_supervisor_engine_6-ecisco:catalyst_4500_supervisor_engine_6l-ecisco:catalyst_4900mcisco:catalyst_4948ecisco:catalyst_4948e-fcisco:embedded_service_2020_24tc_concisco:embedded_service_2020_24tc_con_bcisco:embedded_service_2020_24tc_ncpcisco:embedded_service_2020_24tc_ncp_bcisco:embedded_service_2020_concisco:embedded_service_2020_con_bcisco:embedded_service_2020_ncpcisco:embedded_service_2020_ncp_bcisco:ie-3010-16s-8pccisco:ie-3010-24tccisco:ie_2000-16ptc-gcisco:ie_2000-16t67cisco:ie_2000-16t67pcisco:ie_2000-16tccisco:ie_2000-16tc-gcisco:ie_2000-16tc-g-ecisco:ie_2000-16tc-g-ncisco:ie_2000-16tc-g-xcisco:ie_2000-24t67cisco:ie_2000-4s-ts-gcisco:ie_2000-4tcisco:ie_2000-4t-gcisco:ie_2000-4tscisco:ie_2000-4ts-gcisco:ie_2000-8t67cisco:ie_2000-8t67pcisco:ie_2000-8tccisco:ie_2000-8tc-gcisco:ie_2000-8tc-g-ecisco:ie_2000-8tc-g-ncisco:ie_3000-4tccisco:ie_3000-8tccisco:ioscisco:ios_xe
Debilidades (CWE)
CWE-399CWE-20
Referencias
http://www.securityfocus.com/bid/103569(psirt@cisco.com)
http://www.securitytracker.com/id/1040596(psirt@cisco.com)
https://ics-cert.us-cert.gov/advisories/ICSA-18-107-04(psirt@cisco.com)
https://ics-cert.us-cert.gov/advisories/ICSA-18-107-05(psirt@cisco.com)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi(psirt@cisco.com)
http://www.securityfocus.com/bid/103569(af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1040596(af854a3a-2127-422b-91ae-364da2661108)
https://ics-cert.us-cert.gov/advisories/ICSA-18-107-04(af854a3a-2127-422b-91ae-364da2661108)
https://ics-cert.us-cert.gov/advisories/ICSA-18-107-05(af854a3a-2127-422b-91ae-364da2661108)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-0156(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.