← Zuruck zu CVEs
CVE-2018-0158
HIGHCISA KEV8.6
Beschreibung
A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak or a reload of an affected device that leads to a denial of service (DoS) condition. The vulnerability is due to incorrect processing of certain IKEv2 packets. An attacker could exploit this vulnerability by sending crafted IKEv2 packets to an affected device to be processed. A successful exploit could cause an affected device to continuously consume memory and eventually reload, resulting in a DoS condition. Cisco Bug IDs: CSCvf22394.
CVE Details
CVSS v3.1 Bewertung8.6
SchweregradHIGH
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht3/28/2018
Zuletzt geandert1/14/2026
Quellekev
Honeypot-Sichtungen0
CISA KEV
HerstellerCisco
ProduktIOS Software and Cisco IOS XE Software
SchwachstellennameCisco IOS and XE Software Internet Key Exchange Memory Leak Vulnerability
KEV Aufnahmedatum2022-03-03
Behebungsfrist2022-03-17
Ransomware-NutzungUnknown
Betroffene Produkte
cisco:asr_1001-hxcisco:asr_1001-xcisco:asr_1002-hxcisco:asr_1002-xcisco:asr_1004cisco:asr_1006cisco:asr_1006-xcisco:asr_1009-xcisco:asr_1013cisco:ioscisco:ios_xerockwellautomation:allen-bradley_stratix_5900
Schwachen (CWE)
CWE-20CWE-401
Referenzen
http://www.securityfocus.com/bid/103566(psirt@cisco.com)
http://www.securitytracker.com/id/1040595(psirt@cisco.com)
https://ics-cert.us-cert.gov/advisories/ICSA-18-107-03(psirt@cisco.com)
https://ics-cert.us-cert.gov/advisories/ICSA-18-107-04(psirt@cisco.com)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-ike(psirt@cisco.com)
http://www.securityfocus.com/bid/103566(af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1040595(af854a3a-2127-422b-91ae-364da2661108)
https://ics-cert.us-cert.gov/advisories/ICSA-18-107-03(af854a3a-2127-422b-91ae-364da2661108)
https://ics-cert.us-cert.gov/advisories/ICSA-18-107-04(af854a3a-2127-422b-91ae-364da2661108)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-ike(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-0158(134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.