Multiple vulnerabilities in Cisco IOS XE



Published: 2018-03-30 | Updated: 2023-02-01
Risk: High
Patch available: YES
Number of vulnerabilities: 38
CVE-ID: CVE-2018-0150, CVE-2018-0152, CVE-2018-0196, CVE-2018-0186, CVE-2018-0188, CVE-2018-0190, CVE-2018-0160, CVE-2018-0161, CVE-2018-0171, CVE-2018-0156, CVE-2018-0179, CVE-2018-0180, CVE-2018-0164, CVE-2018-0195, CVE-2018-0151, CVE-2018-0183, CVE-2018-0184, CVE-2018-0169, CVE-2018-0176, CVE-2018-0170, CVE-2018-0167, CVE-2018-0175, CVE-2018-0177, CVE-2018-0159, CVE-2018-0158, CVE-2018-0165, CVE-2018-0157, CVE-2018-0163, CVE-2018-0154, CVE-2018-0174, CVE-2018-0173, CVE-2018-0172, CVE-2018-0182, CVE-2018-0185, CVE-2018-0193, CVE-2018-0194, CVE-2018-0155, CVE-2018-0189
CWE-ID: CWE-798, CWE-264, CWE-20, CWE-79, CWE-415, CWE-399, CWE-120, CWE-285, CWE-77, CWE-416, CWE-119, CWE-19, CWE-401, CWE-400, CWE-287, CWE-122, CWE-78, CWE-388
Exploitation vector: Network
Public exploit:
Vulnerability #8 is being exploited in the wild.
Vulnerability #9 is being exploited in the wild.
Vulnerability #10 is being exploited in the wild.
Vulnerability #11 is being exploited in the wild.
Vulnerability #12 is being exploited in the wild.
Vulnerability #15 is being exploited in the wild.
Vulnerability #21 is being exploited in the wild.
Vulnerability #22 is being exploited in the wild.
Vulnerability #24 is being exploited in the wild.
Vulnerability #25 is being exploited in the wild.
Vulnerability #29 is being exploited in the wild.
Vulnerability #30 is being exploited in the wild.
Vulnerability #31 is being exploited in the wild.
Vulnerability #32 is being exploited in the wild.
Vulnerability #37 is being exploited in the wild.
Vulnerable software: Cisco IOS XE (Operating systems & Components / Operating system)

Vendor: Cisco Systems, Inc

Security Bulletin

This security bulletin contains information about 38 vulnerabilities.

1) Use of hard-coded credentials

EUVDB-ID: #VU11328

Risk: Low

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-0150

CWE-ID: CWE-798 - Use of Hard-coded Credentials

Exploit availability: No

Description

The vulnerability allows a remote unauthenticated attacker to bypass security restrictions on the target system.

The weakness exists due to an undocumented user account with privilege level 15 that has a default username and password. A remote attacker can use this account to remotely connect to an affected device and log in to the device with privilege level 15 access.

Mitigation

Update to versions 16.7(0.78), 16.6.1, 16.6.1a, 16.6(0.238), 16.5.2 or 16.5(1.67).

Vulnerable software versions

Cisco IOS XE: 16.5.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-xesc


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Privilege escalation

EUVDB-ID: #VU11329

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-0152

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to gain elevated privileges on the target system.

The weakness exists in the web-based user interface (web UI) due to improper reset of the privilege level for each web UI session. A remote attacker who has valid credentials for an affected device can access a VTY line to the device remotely and gain root privileges.

Mitigation

Update to versions 16.8(0.25), 16.7(0.175), 16.6.2, 16.6(1.79), 16.5(1.321), 16.3.5, 16.3.5b or 16.3(4.115).

Vulnerable software versions

Cisco IOS XE: 16.6.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-xepriv


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Improper input validation

EUVDB-ID: #VU11330

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-0196

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to write arbitrary files to the target system.

The weakness exists in the web-based user interface (web UI) due to insufficient input validation of HTTP requests that are sent to the web UI. A remote attacker can send a malicious HTTP request to the web UI and write arbitrary files.

Mitigation

Update to versions 16.3.2, 16.3(1.28) or 11.3(1).

Vulnerable software versions

Cisco IOS XE: 16.1.2 - 16.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-wfw


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Cross-site scripting

EUVDB-ID: #VU11331

Risk: Low

CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-0186

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The weakness exists in the web-based user interface (web UI) due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.

Mitigation

Update to versions 16.5(0.33), 16.4.1, 16.4(0.195), 16.3.2 or 16.3(1.28).

Vulnerable software versions

Cisco IOS XE: 16.1.2 - 16.3.0

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-webuixss


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Cross-site scripting

EUVDB-ID: #VU11332

Risk: Low

CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-0188

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The weakness exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.

Mitigation

Update to versions 16.4.1, 16.4(1), 16.4(0.121) or 16.3(5.107).

Vulnerable software versions

Cisco IOS XE: 16.1.2 - 16.3.0

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-webuixss


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Cross-site scripting

EUVDB-ID: #VU11333

Risk: Low

CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-0190

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The weakness exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.

Mitigation

Update to versions 16.7(1.107), 16.6(2.98), 16.5(1.315), 16.4.1 or 16.3(5.104).

Vulnerable software versions

Cisco IOS XE: 16.1.2 - 16.3.0

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-webuixss


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Double free error

EUVDB-ID: #VU11334

Risk: Medium

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-0160

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to cause a DoS condition on the target system.

The weakness exists in the Simple Network Management Protocol (SNMP) subsystem due to improper management of memory resources. A remote attacker can send specially crafted SNMP packets, trigger a double free error and cause the service to crash.

Mitigation

Update to versions 16.7(0.88), 16.6.2, 16.6(1.68), 16.5(1.321), 16.3.5b, 16.3.5, 16.3(4.88) or 15.6(2.14)SP3.

Vulnerable software versions

Cisco IOS XE: 15.5.3 S

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-snmp-dos


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Resource management errors

EUVDB-ID: #VU11335

Risk: Medium

CVSSv3.1: 7.4 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2018-0161

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to cause a DoS condition on the target system.

The weakness exists in the Simple Network Management Protocol (SNMP) subsystem due to a condition that could occur when processing an SNMP read request that contains a request for the ciscoFlashMIB object ID (OID). A remote attacker can issue an SNMP GET request for the ciscoFlashMIB OID and cause the service to crash due to a SYS-3-CPUHOG.

Mitigation

Update to versions 15.2(6.3.30i)E, 15.2(6.3.0i)E, 15.2(6.2.6i)E or 15.2(6)E.

Vulnerable software versions

Cisco IOS XE: 15.2.5 E

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-snmp


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

9) Buffer overflow

EUVDB-ID: #VU11336

Risk: High

CVSSv3.1: 9.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2018-0171

CWE-ID: CWE-120 - Buffer overflow

Exploit availability: Yes

Description

The vulnerability allows a remote unauthenticated attacker to cause a DoS condition or execute arbitrary code on the target system.

The weakness exists in the Smart Install feature due to improper validation of packet data. A remote attacker can trigger a buffer overflow, cause the service to crash and execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to versions 16.3(5.72), 15.7(3.1.14A)OT, 15.7(3.1.10V)OT, 15.7(3.0z)M, 15.7(2.0v)M0.6, 15.6(3)M4, 15.6(3)M3.1, 15.5(3)M7, 15.5(3)M6.1, 15.5(1.0.93)SY1, 15.5(1.0.91)SY1, 15.5(1)SY1, 15.5(1)IC1.112, 15.5(1)IA1.529, 15.4(3)M9, 15.4(1.1.21)SY4, 15.4(1)SY4, 15.2(6.5.1i)E1, 15.2(6.4.66i)E1, 15.2(6.4.4i)E1, 15.2(6)E1, 15.2(4.7.8)EA7, 15.2(2)E8, 15.2(1)SY6, 15.2(1)SY5.114, 15.1(2)SY11.62 or 12.2(60)EZ13.

Vulnerable software versions

Cisco IOS XE: 15.2.5 E

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi2


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

10) Improper input validation

EUVDB-ID: #VU11337

Risk: Medium

CVSSv3.1: 8.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2018-0156

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote unauthenticated attacker to cause a DoS condition on the target system.

The weakness exists in the Smart Install feature due to improper validation of packet data. A remote attacker can send a specially crafted packet to an affected device on TCP port 4786 and cause the service to crash.

Mitigation

Update to versions 16.3(5.72), 15.7(3.1.14A)OT, 15.7(3.1.9W)OT, 15.7(3.0u)M, 15.7(3)M1, 15.7(2.0v)M0.6, 15.6(3)M3.1, 15.5(3)M7, 15.5(3)M6.1, 15.5(1.0.91)SY1, 15.5(1)SY1, 15.5(1)IC1.73, 15.5(1)IA1.516, 15.4(3)M9, 15.4(1.1.21)SY4, 15.4(1)SY4, 15.2(6.5.1i)E1, 15.2(6.4.66i)E1, 15.2(6.3.0i)E, 15.2(6.2.20i)E, 15.2(6)E1, 15.2(4.7.8)EA7, 15.2(2)E8, 15.2(1)SY6, 15.2(1)SY5.114, 15.1(2)SY11.62 or 12.2(60)EZ13.

Vulnerable software versions

Cisco IOS XE: 15.2.2 E4 - 15.2.2a JA

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

11) Resource management errors

EUVDB-ID: #VU11338

Risk: Medium

CVSSv3.1: 8.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2018-0179

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a remote unauthenticated attacker to cause a DoS condition on the target system.

The weakness exists due to an attempt to free an area of memory that has not been previously allocated. A remote attacker can attempt to log in via Secure Shell (SSH) or Telnet with invalid credentials multiple times and cause the service to crash.

Mitigation

Update to versions 15.7(3.1.8A)OT, 15.7(3.1.4A)OT, 15.6(3)M, 15.6(2.12.1a)T0, 15.6(2.3)T, 15.6(2)T0.1, 15.5(3)M2.1, 15.4(3)M6 or 15.4(1)IA1.102.

Vulnerable software versions

Cisco IOS XE: 15.3.0.0.19 SY - 15.6.1.22 T

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-slogin


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

12) Resource management errors

EUVDB-ID: #VU11339

Risk: Medium

CVSSv3.1: 8.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2018-0180

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a remote unauthenticated attacker to cause a DoS condition on the target system.

The weakness exists due to an attempt to free an area of memory that has not been previously allocated. A remote attacker can attempt to log in via Secure Shell (SSH) or Telnet with invalid credentials multiple times while the administrator modifies the login block-for configuration and cause the service to crash.

Mitigation

Update to versions 15.7(3.1.8A)OT, 15.7(3.1.4A)OT, 15.6(3)M, 15.6(2.19)T, 15.6(2.0.1a)T0, 15.5(3)M6 or 15.4(3)M6.

Vulnerable software versions

Cisco IOS XE: 15.3.0.0.19 SY - 15.4.3 M4.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-slogin


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

13) Improper input validation

EUVDB-ID: #VU11340

Risk: Medium

CVSSv3.1: 7.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-0164

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote unauthenticated attacker to cause a DoS condition on the target system.

The weakness exists in the Switch Integrated Security Features due to incorrect handling of crafted IPv6 packets. A remote attacker can send specially crafted IPv6 packets, trigger an interface queue wedge and cause the service to crash.

Mitigation

Update to versions 16.7(0.51), 16.6.1a, 16.6.1, 16.6(0.221), 16.3(5.66), 15.6(2.18)S2.21, 15.6(2)SP3, 15.6(2)S4, 15.6(1.28)SP2, 15.5(3)S6.15, 15.5(1.0.91)SY1, 15.5(1)SY1, 15.5(1)IA1.363, 15.4(3)S9, 15.4(3)S8.7, 15.4(1.1.28)SY3, 15.4(1)SY3, 15.4(1)IC1.126, 15.2(6.3.0i)E, 15.2(6.2.16i)E, 15.2(6)E, 15.2(4.7.14)EA7, 15.2(2)E8, 15.2(1)SY6, 15.2(1)SY5.94, 8.3(0)SK(0.39), 7.0(3)INF7(0.6), 7.0(3)INF7(0), 7.0(3)IGH7(0.23), 7.0(3)IGH7(0), 7.0(3)IGC7(0.15), 7.0(3)IGC7(0), 7.0(3)IBB6(0.2), 7.0(3)IBB6(0), 7.0(3)I7(1) or 7.0(3)I7(0.110).

Vulnerable software versions

Cisco IOS XE: 15.6.2 SP

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-sisf


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Improper authorization

EUVDB-ID: #VU11341

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-0195

CWE-ID: CWE-285 - Improper Authorization

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to bypass authorization and obtain elevated privileges on the target system.

The weakness exists in the REST API due to insufficient authorization checks for requests that are sent to the REST API. A remote attacker can send a specially crafted request via the REST API, bypass authorization and gain root privileges.

Mitigation

Update to versions 16.4.1, 16.4(0.54), 16.3.1, 16.3(0.225) or 16.2(1.31).

Vulnerable software versions

Cisco IOS XE: 16.1.2 - 16.3.0

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-rest


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Buffer overflow

EUVDB-ID: #VU11342

Risk: High

CVSSv3.1: 9.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2018-0151

CWE-ID: CWE-120 - Buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote unauthenticated attacker to cause a DoS condition or execute arbitrary code on the target system.

The weakness exists due to a boundary error in packets that are destined for UDP port 18999. A remote attacker can send specially crafted packets, trigger a buffer overflow, cause the service to crash and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to versions 16.8(0.29), 16.7(0.181), 16.6.2, 16.6(1.93), 16.5(1.321), 16.3.5a, 16.3(5.1), 15.7(3.1.14A)OT, 15.7(3.1.9W)OT, 15.7(3.0u)M, 15.7(3)M1, 15.7(2.0v)M0.6, 15.6(3)M4, 15.6(3)M3.1, 15.6(2.13)SP3, 15.6(2)SP4, 15.5(3)S6.21 or 15.5(3)M7.

Vulnerable software versions

Cisco IOS XE: 16.5.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-qos


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

16) Command injection

EUVDB-ID: #VU11345

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-0183

CWE-ID: CWE-77 - Command injection

Exploit availability: No

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists in the CLI parser of Cisco IOS XE Software due to the affected software improperly sanitizing command arguments to prevent access to internal data structures on a device. A local attacker with privileged EXEC mode (privilege level 15) access can execute CLI commands that contain crafted arguments, gain access to the underlying Linux shell and execute arbitrary commands with root privileges.

Mitigation

Update to versions 16.8(0.130), 16.7(1.42), 16.6(2.37), 16.5(1.230), 16.3(5.38), 15.6(2)S, 15.6(1)S2, 15.5(3)S3a or 15.5(3)S3.

Vulnerable software versions

Cisco IOS XE: 15.4.3 S

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-privesc3


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Command injection

EUVDB-ID: #VU11346

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-0184

CWE-ID: CWE-77 - Command injection

Exploit availability: No

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists in the CLI parser of Cisco IOS XE Software due to the affected software improperly sanitizing command arguments to prevent access to internal data structures on a device. A local attacker with privileged EXEC mode (privilege level 15) access can execute CLI commands that contain crafted arguments, gain access to the underlying Linux shell and execute arbitrary commands with root privileges.

Mitigation

The vulnerability is addressed in the following versions: 16.6.2, 16.7(0.121), 16.6(1.70), 16.5(1.315), 16.3(5.17), 15.7(3.1.14A)OT, 15.7(3.1.9T)OT, 15.7(3.0t)M, 15.7(3)M1, 15.7(2.0v)M0.6, 15.6(3)M4, 15.6(3)M3.1, 15.6(2.10)SP3, 15.6(2)SP4, 15.5(3)S6.13, 15.5(3)M7, 15.5(3)M6.1, 15.5(1.0.91)SY1, 15.5(1)SY1, 15.5(1)IC1.73, 15.5(1)IA1.509, 15.4(3)S9, 15.4(3)S8.7, 15.4(3)M9, 15.2(6.5.1i)E1, 15.2(6.4.66i)E1, 15.2(6.4.0i)E1, 15.2(6.2.72i)E, 15.2(6)E1, 15.2(4.7.12)EA7, 15.2(1)SY6, 15.2(1)SY5.97.

Vulnerable software versions

Cisco IOS XE: 16.5.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-privesc2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Command injection

EUVDB-ID: #VU11347

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-0169

CWE-ID: CWE-77 - Command injection

Exploit availability: No

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists in the CLI parser of Cisco IOS XE Software due to the affected software improperly sanitizing command arguments to prevent access to internal data structures on a device. A local attacker with privileged EXEC mode (privilege level 15) access can execute CLI commands that contain crafted arguments, gain access to the underlying Linux shell and execute arbitrary commands with root privileges.

Mitigation

The vulnerability is addressed in the following versions: 15.0(9.0)PKD, 3.2(0)SE, 16.1.116.1(0.196), 15.6(2.13)SP3, 15.6(2)SP4, 15.5(3)S6.17, 15.5(1.0.93)SY1, 15.5(1)SY1, 15.5(1)IC1.112, 15.5(1)IA1.533, 15.4(3)S9, 15.4(3)S8.7, 15.4(1.1.21)SY4, 15.4(1)SY4, 15.2(6.5.3i)E1, 15.2(6.4.81i)E1, 15.2(6)E1, 15.2(2)E8, 15.2(1)SY6, 15.2(1)SY5.128, 15.1(2)SY11.56, 15.0(1.9.1)SQD8, 12.2(60)EZ13.

Vulnerable software versions

Cisco IOS XE: 15.0.5.59 EMD - 16.2.0

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-privesc1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Command injection

EUVDB-ID: #VU11348

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-0176

CWE-ID: CWE-77 - Command injection

Exploit availability: No

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists in the CLI parser of Cisco IOS XE Software due to the affected software improperly sanitizing command arguments to prevent access to internal data structures on a device. A local attacker with privileged EXEC mode (privilege level 15) access can execute CLI commands that contain crafted arguments, gain access to the underlying Linux shell and execute arbitrary commands with root privileges.

Mitigation

The vulnerability is addressed in the following versions: 15.0(9.0)PKD, 3.2(0)SE, 16.1.116.1(0.196), 15.6(2.13)SP3, 15.6(2)SP4, 15.5(3)S6.17, 15.5(1.0.93)SY1, 15.5(1)SY1, 15.5(1)IC1.112, 15.5(1)IA1.533, 15.4(3)S9, 15.4(3)S8.7, 15.4(1.1.21)SY4, 15.4(1)SY4, 15.2(6.5.3i)E1, 15.2(6.4.81i)E1, 15.2(6)E1, 15.2(2)E8, 15.2(1)SY6, 15.2(1)SY5.128, 15.1(2)SY11.56, 15.0(1.9.1)SQD8, 12.2(60)EZ13.

Vulnerable software versions

Cisco IOS XE: 15.0.5.59 EMD - 16.2.0

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-privesc1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Use after free

EUVDB-ID: #VU11350

Risk: Medium

CVSSv3.1: 7.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-0170

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote unauthenticated attacker to cause a DoS condition on the target system.

The weakness exists in the Cisco Umbrella Integration feature due to a logic error when handling a malformed incoming packet, leading to access to an internal data structure after it has been freed. A remote attacker can send specially crafted, malformed IP packets, trigger a use after free and cause the service to crash.

Mitigation

Update to versions 16.5(0.93), 16.4.1, 16.4(0.228), 16.3.3, 16.3(1.80) or 11.3(3).

Vulnerable software versions

Cisco IOS XE: 16.4.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-opendns-dos


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Buffer overflow

EUVDB-ID: #VU11351

Risk: Low

CVSSv3.1: 9.2 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2018-0167

CWE-ID: CWE-120 - Buffer overflow

Exploit availability: No

Description

The vulnerability allows an adjacent unauthenticated attacker to cause a DoS condition or execute arbitrary code with elevated privileges on the target system.

The weakness exists in the LLDP subsystem due to improper error handling of malformed LLDP messages. An adjacent attacker can submit a specially crafted LLDP protocol data unit (PDU), trigger a buffer overflow, cause the service to crash or execute arbitrary code with root privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to versions 5.2.21, 5.2.2, 5.2.1, 5.2.0.21i.FWDG, 5.2.0, 5.1.4, 5.1.3.12i.FWDG, 5.1.3, 16.5(1.315), 16.3(5.44), 15.7(3.1.14A)OT, 15.7(3.1.8A)OT, 15.7(3.1.4N)OT, 15.7(2.0r)M, 15.6(3)M3, 15.6(3)M2.2, 15.6(2.13)SP3, 15.6(2)SP4, 15.5(3)S6.15, 15.5(3)M6, 15.5(1.0.93)SY1, 15.5(1)SY1, 15.5(1)IC1.73, 15.5(1)IA1.511, 15.4(3)S9, 15.4(3)S8.7, 15.4(3)M9, 15.4(1.1.20)SY4, 15.4(1)SY4, 15.3(3)JPC7, 15.3(3)JG, 15.3(3)JF2, 15.3(3)JDA13, 15.3(3)JDA12, 15.3(3)JD13, 15.3(3)JD12, 15.2(6.5.1i)E1, 15.2(6.4.66i)E1, 15.2(6)E1, 15.2(6)E0c, 15.2(4.7.10)EA7, 15.2(2)E8, 15.2(1)SY6, 15.2(1)SY5.98, 15.1(2)SY11.60, 15.0(1.9.1)SQD8, 12.2(60)EZ13, 10.2(171.47), 8.8(1.58), 8.7(1.133), 8.6(101.0), 8.6(1.179), 8.5(110.0), 8.5(107.104), 8.3(140.0), 8.3(135.3), 8.3(134.90), 8.3(134.87), 8.3(134.81), 8.2(167.7), 8.2(167.6), 8.0(152.6) or 8.0(152.5).

Vulnerable software versions

Cisco IOS XE: 5.2.0 - 15.4.3 M4.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-lldp


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

22) Memory corruption

EUVDB-ID: #VU11352

Risk: Low

CVSSv3.1: 9.2 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2018-0175

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows an adjacent unauthenticated attacker to cause a DoS condition or execute arbitrary code with elevated privileges on the target system.

The weakness exists in the LLDP subsystem due to improper handling of certain fields in an LLDP message. An adjacent attacker can submit a specially crafted LLDP PDU, trick the victim into executing a specific show command in the CLI, trigger memory corruption, cause the service to crash or execute arbitrary code with root privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update to versions 16.3.4, 16.3.4a, 16.3(3.36), 15.7(3.1.14A)OT, 15.7(3.1.8A)OT, 15.7(3.1.4N)OT, 15.7(2.0r)M, 15.6(2.13)SP3, 15.6(2)SP4, 15.5(3)S6.15, 15.5(3)M7, 15.5(3)M6.1, 15.5(1.0.93)SY1, 15.5(1)SY1, 15.5(1)IC1.73, 15.5(1)IA1.509, 15.4(3)S9, 15.4(3)S8.7, 15.4(3)M9, 15.4(1.1.22)SY4, 15.4(1)SY4, 15.3(3)JPC7, 15.3(3)JG, 15.3(3)JF2, 15.3(3)JDA12, 15.3(3)JD13, 15.3(3)JD12, 15.2(6.3.30i)E, 15.2(6.3.0i)E, 15.2(6.2.6i)E, 15.2(6)E, 15.2(4.7.10)EA7, 15.2(2)E7, 15.2(1)SY6, 15.2(1)SY5.97, 15.1(2)SY11.61, 15.0(1.9.1)SQD8, 12.2(60)EZ13, 10.2(171.47), 8.8(1.57), 8.7(1.131), 8.6(101.0), 8.6(1.178), 8.5(110.0), 8.5(107.105), 8.3(140.0), 8.3(134.86), 8.3(134.81), 8.2(167.6), 8.0(152.5) or 3.6(7)E.

Vulnerable software versions

Cisco IOS XE: 15.4.3 M4.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-lldp


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

23) Data handling

EUVDB-ID: #VU11353

Risk: Medium

CVSSv3.1: 7.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-0177

CWE-ID: CWE-19 - Data Handling

Exploit availability: No

Description

The vulnerability allows a remote unauthenticated attacker to cause high CPU utilization, traceback messages, or a DoS condition on the target system.

The weakness exists in the IP Version 4 (IPv4) processing code due to incorrect processing of certain IPv4 packets. A remote attacker can send specially crafted IPv4 packets to an IPv4 address, trigger high CPU utilization, traceback messages, or cause the service to crash.

Mitigation

Update to versions 16.5.2, 16.5.1a, 16.3.4, 16.6(0.163), 16.5(1.25) or 16.3(3.26).

Vulnerable software versions

Cisco IOS XE: 16.3.1 - 16.3.3

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-ipv4


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Improper input validation

EUVDB-ID: #VU11354

Risk: Medium

CVSSv3.1: 8.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2018-0159

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote unauthenticated attacker to cause a DoS condition on the target system.

The weakness exists in the implementation of Internet Key Exchange Version 1 (IKEv1) functionality due to improper validation of specific IKEv1 packets. A remote attacker can send specially crafted IKEv1 packets during an IKE negotiation and cause the service to crash.

Mitigation

Update to versions 15.4(2)S, 15.7(3.1.11D)OT, 15.6(1)SN, 15.5(0)IA1.1, 15.4(2)T1, 15.4(2)T, 15.4(2)SN1, 15.4(2)SN, 15.4(2)S1, 15.4(2)CG, 15.4(2.1.1)S, 15.4(1)IA1.1, 15.4(1.13)S, 15.4(1.12)T, 15.4(1.9.2)XEB, 15.3(3)JPC7, 15.3(3)JPC6, 15.3(3)JPC5, 15.3(3)JF2, 15.3(3)JF, 15.3(3)JE, 15.3(3)JD7, 15.3(3)JD5, 15.3(3)JD3, 15.3(3)JC6, 15.3(3)JA11, 15.3(1)IE101.209, 15.2(6.3.0i)E, 15.2(5.0)ST, 15.2(4.0)ST, 15.2(4.0.64a)E, 15.2(4.0.21)E, 15.2(2)E8, 15.2(1)SY2, 15.2(1)SY1.13, 15.1(2)SY11.64, 12.2(60)EZ13 or 12.2(33)CY2.

Vulnerable software versions

Cisco IOS XE: 15.3.3 S

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-ike-dos


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

25) Memory leak

EUVDB-ID: #VU11356

Risk: Medium

CVSSv3.1: 8.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2018-0158

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a remote unauthenticated attacker to cause a DoS condition on the target system.

The weakness exists in the Internet Key Exchange Version 2 (IKEv2) module due to incorrect processing of certain IKEv2 packets. A remote attacker can send specially crafted IKEv2 packets, trigger a memory leak and cause the service to crash.

Mitigation

Update to versions 16.4(2.68), 16.3.5b, 16.3.5, 16.3(4.67), 15.7(3.1.14A)OT, 15.7(3.1.5U)OT, 15.7(3)M1, 15.7(3)M, 15.7(2.0v)M0.2, 15.7(2.0y)M, 15.6(3)M3, 15.6(2.18)S2.23, 15.6(2)T3, 15.6(2)SP3, 15.6(2)S4, 15.6(1.41)SP2, 15.5(3)S6a, 15.5(3)S6, 15.5(3)S5.31, 15.5(3)M6, 15.5(1.0.93)SY1, 15.5(1.0.91)SY1, 15.5(1)SY1, 15.5(1)IA1.428, 15.4(1.1.13)SY3, 15.4(1)SY3, 15.2(6.5.1i)E1, 15.2(6.4.66i)E1, 15.2(6.3.0i)E, 15.2(6.2.20i)E, 15.2(6)E1, 15.2(4.6.22)EA5, 15.2(4)EA6 or 15.2(4)E5.

Vulnerable software versions

Cisco IOS XE: 15.5.3 S1.1 - 15.5.3 S1.12

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-ike


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

26) Resource exhaustion

EUVDB-ID: #VU11357

Risk: Medium

CVSSv3.1: 6.4 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-0165

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows an adjacent unauthenticated attacker to cause a DoS condition on the target system.

The weakness exists in the Internet Group Management Protocol (IGMP) packet-processing functionality due to insufficient processing of IGMP Membership Query packets. An adjacent attacker can send a large number of specially crafted IGMP Membership Query packets, trigger buffer exhaustion and cause the service to crash.

Mitigation

Update to versions 16.7(0.83), 16.6(1.3), 16.6(0.244), 16.3.5b, 16.3.5, 16.3(4.60), 15.2(5.5.64)E, 15.2(5.5.63)E, 15.2(5.0.73)E, 15.2(5)E, 15.2(4)E3, 15.2(4)E2, 15.2(4)E1, 3.9(0)E or 3.8(1)E.

Vulnerable software versions

Cisco IOS XE: 15.2.3 E - 16.3.3

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-igmp


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Data handling

EUVDB-ID: #VU11358

Risk: Medium

CVSSv3.1: 7.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-0157

CWE-ID: CWE-19 - Data Handling

Exploit availability: No

Description

The vulnerability allows a remote unauthenticated attacker to cause a DoS condition on the target system.

The weakness exists in the Zone-Based Firewall code due to improper handling of fragmented packets. A remote attacker can send fragmented IP Version 4 or IP Version 6 packets and cause the service to crash.

Mitigation

Update to versions 16.6.2, 16.5.2, 16.5(1.132) or 16.4(2.116).

Vulnerable software versions

Cisco IOS XE: 16.4.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-fwip


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Improper authentication

EUVDB-ID: #VU11359

Risk: Low

CVSSv3.1: 5.5 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-0163

CWE-ID: CWE-287 - Improper Authentication

Exploit availability: No

Description

The vulnerability allows an adjacent unauthenticated attacker to bypass authentication on the target system.

The weakness exists in the 802.1x multiple-authentication (multi-auth) feature due to a logic change error introduced into the code. An adjacent attacker can try to access an 802.1x multi-auth port after a successful supplicant has authenticated and bypass the 802.1x access controls.

Mitigation

Update to versions 15.7(3.1.14A)OT, 15.7(3.1.10U)OT, 15.7(3.0z)M, 15.7(2.0v)M0.6, 15.6(3)M4, 15.6(3)M3.1 or 15.5(3)M7.

Vulnerable software versions

Cisco IOS XE: 15.4.3.0i M6 - 15.7.3 M

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-dot1x


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Data handling

EUVDB-ID: #VU11360

Risk: Medium

CVSSv3.1: 8.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2018-0154

CWE-ID: CWE-19 - Data Handling

Exploit availability: No

Description

The vulnerability allows a remote unauthenticated attacker to cause a DoS condition on the target system.

The weakness exists in the crypto engine of the Cisco Integrated Services Module for VPN (ISM-VPN) due to insufficient handling of VPN traffic. A remote attacker can send specially crafted VPN traffic and cause the service to crash.

Mitigation

Update to versions 15.7(3.1.8A)OT, 15.7(3.1.4A)OT, 15.7(2.0k)M, 15.6(3)M3, 15.6(3)M2.2, 15.6(2)T3, 15.5(3)M6 or 15.4(3)M8.

Vulnerable software versions

Cisco IOS XE: All versions

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-dos


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

30) Improper input validation

EUVDB-ID: #VU11361

Risk: Medium

CVSSv3.1: 8.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2018-0174

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote unauthenticated attacker to cause a DoS condition on the target system.

The weakness exists in the DHCP option 82 encapsulation functionality due to incomplete input validation of option 82 information that it receives in DHCP Version 4 (DHCPv4) packets from DHCP relay agents. A remote attacker can send a specially crafted DHCPv4 packet and cause the service to crash.

Mitigation

Update to versions 15.3(3)S2, 15.2(4)S5, 12.2(33)SRE10, 15.4(1)S0e, 15.4(1)S, 15.4(1.9.1)XEB, 15.4(1.8)S, 15.3(3)S2t, 15.3(3)S2a, 15.3(3)S1.4, 15.2(6)E1, 15.2(6.5.9i)E1, 15.2(6.4.85i)E1, 15.2(4.7.5)EA7, 15.0(1.9.1)SQD8 or 12.2(60)EZ13.

Vulnerable software versions

Cisco IOS XE: 12.2.33 SRE7a

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-dhcpr3


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

31) Improper input validation

EUVDB-ID: #VU11362

Risk: Medium

CVSSv3.1: 8.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2018-0173

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote unauthenticated attacker to cause a DoS condition on the target system.

The weakness exists in the function that restores encapsulated option 82 information in DHCP Version 4 (DHCPv4) packets due to incomplete input validation of encapsulated option 82 information that it receives in DHCPOFFER messages from DHCPv4 servers. A remote attacker can send a specially crafted DHCPv4 packet and cause the service to crash.

Mitigation

Update to versions 16.6(2.67), 16.5(1.321), 16.3(5.73), 15.6(2.18)SP3, 15.6(2)SP4, 15.5(3)S6.23, 15.4(3)S9, 15.2(6.5.1i)E1, 15.2(6.4.66i)E1, 15.2(6.4.63i)E1, 15.2(6)E1, 15.2(4.7.6)EA7, 15.0(1.9.1)SQD8 or 12.2(60)EZ13.

Vulnerable software versions

Cisco IOS XE: 16.3.4

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-dhcpr2


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

32) Heap-based buffer overflow

EUVDB-ID: #VU11363

Risk: Medium

CVSSv3.1: 8.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2018-0172

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote unauthenticated attacker to cause a DoS condition on the target system.

The weakness exists in the DHCP option 82 encapsulation functionality due to incomplete input validation of option 82 information that it receives in DHCP Version 4 (DHCPv4) packets from DHCP relay agents. A remote attacker can send a specially crafted DHCPv4 packet, trigger a heap overflow and cause the service to crash.

Mitigation

Update to versions 16.6(2.65), 16.5(1.321), 16.3(5.72), 15.6(2.18)SP3, 15.6(2)SP4, 15.5(3)S6.23, 15.4(3)S9, 15.2(6.5.1i)E1, 15.2(6.4.66i)E1, 15.2(6.4.62i)E1, 15.2(6)E1, 15.2(4.7.3)EA7, 15.0(1.9.1)SQD8 or 12.2(60)EZ13.

Vulnerable software versions

Cisco IOS XE: All versions

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-dhcpr1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

33) OS command injection

EUVDB-ID: #VU11364

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-0182

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Exploit availability: No

Description

The vulnerability allows a local authenticated attacker to inject and execute arbitrary commands with elevated privileges on the target system.

The weakness exists in the CLI parser due to insufficient sanitization of command arguments before passing commands to the Linux shell for execution. A local attacker can submit a malicious CLI command, gain access to the underlying Linux shell and execute arbitrary commands with root privileges.

Mitigation

Update to versions 16.5(0.10), 16.4.1, 16.4(0.182) or 16.3.2.

Vulnerable software versions

Cisco IOS XE: 16.1.2 - 16.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-cmdinj


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) OS command injection

EUVDB-ID: #VU11365

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-0185

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Exploit availability: No

Description

The vulnerability allows a local authenticated attacker to inject and execute arbitrary commands with elevated privileges on the target system.

The weakness exists in the CLI parser due to insufficient sanitization of command arguments before passing commands to the Linux shell for execution. A local attacker can submit a malicious CLI command, gain access to the underlying Linux shell and execute arbitrary commands with root privileges.

Mitigation

Update to versions 16.4.1, 16.4(0.23), 16.3.1 or 16.3(0.202).

Vulnerable software versions

Cisco IOS XE: 16.1.2 - 16.3.0

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-cmdinj


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) OS command execution

EUVDB-ID: #VU11366

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-0193

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Exploit availability: No

Description

The vulnerability allows a local authenticated attacker to inject and execute arbitrary commands with elevated privileges on the target system.

The weakness exists in the CLI parser due to insufficient sanitization of command arguments before passing commands to the Linux shell for execution. A local attacker can submit a malicious CLI command, gain access to the underlying Linux shell and execute arbitrary commands with root privileges.

Mitigation

Update to versions 16.4.1, 16.4(0.122) or 16.3.2.

Vulnerable software versions

Cisco IOS XE: 16.1.2 - 16.3.0

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-cmdinj


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) OS command execution

EUVDB-ID: #VU11367

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-0194

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Exploit availability: No

Description

The vulnerability allows a local authenticated attacker to inject and execute arbitrary commands with elevated privileges on the target system.

The weakness exists in the CLI parser due to insufficient sanitization of command arguments before passing commands to the Linux shell for execution. A local attacker can submit a malicious CLI command, gain access to the underlying Linux shell and execute arbitrary commands with root privileges.

Mitigation

Update to versions 16.4.1, 16.4(0.72), 16.3.1 or 16.3(0.234).

Vulnerable software versions

Cisco IOS XE: 16.1.2 - 16.3.0

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-cmdinj


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Error handling

EUVDB-ID: #VU11368

Risk: Medium

CVSSv3.1: 8.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2018-0155

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a remote unauthenticated attacker to cause a DoS condition on the target system.

The weakness exists in the Bidirectional Forwarding Detection (BFD) offload implementation of Cisco Catalyst 4500 Series Switches and Cisco Catalyst 4500-X Series Switches due to insufficient error handling when the BFD header in a BFD packet is incomplete. A remote attacker can send a specially crafted BFD message to or across an affected switch and cause the service to crash.

Mitigation

Update to versions 15.2(6.5.1i)E1, 15.2(6.4.66i)E1, 15.2(6.4.0i)E1, 15.2(6.3.46i)E, 15.2(6.2.20i)E, 15.2(6)E1, 15.2(4.7.6)EA7 or 15.2(2)E8.

Vulnerable software versions

Cisco IOS XE: 3.6.2 E

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-bfd


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

38) Resource management errors

EUVDB-ID: #VU11373

Risk: Medium

CVSSv3.1: 7.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-0189

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a remote unauthenticated attacker to cause a DoS condition on the target system.

The weakness exists in the Forwarding Information Base (FIB) code due to a limitation in the way the FIB internally represents recursive routes. A remote attacker can inject routes into the routing protocol that have a specific recursive pattern and cause the service to crash.

Mitigation

Update to versions 15.6(2)SP1, 15.5(3)S5, 15.4(3)S7, 16.4.2, 16.4.1, 16.3.3, 11.3.3, 16.5(0.13), 16.4.2, 16.4.1, 16.4(0.187), 16.3.3, 16.3(1.81), 15.7(3.1.8A)OT, 15.7(3.1.4A)OT, 15.7(0.2)M, 15.6(3)M1, 15.6(3.0p)M, 15.6(2)T2, 15.6(1)S4.2, 15.6(1)S2.18, 15.6(1.17)S0.47, 15.6(1.9)SP1, 15.5(4)IA1.1, 15.5(3)S4.1, 15.5(3)M5, 15.5(3)M4.1, 15.5(0)IA101.142, 15.4(3)S6.2, 15.4(3)S6.1, 15.4(3)M7, 15.4(1)SY2, 15.4(1)IA1.201, 15.2(6.3.0i)E, 15.2(5)EX, 15.2(5)E2, 15.2(5)E1, 15.2(5.8.1)EA, 15.2(5.7.2)EA, 15.2(5.6.56)EA, 15.2(5.4.1i)E2, 15.2(5.3.29i)E1, 15.2(5.3.27i)E1, 15.2(4)EA6, 15.2(4)E5, 15.2(4.6.22)EA5, 15.2(1)SY6, 15.2(1)SY5.105 or 11.3(3).

Vulnerable software versions

Cisco IOS XE: 15.4.3 S

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-FIB-dos


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
