Main Vulnerability Database Exploits ID:8787 - Exploit for Buffer overflow in Cisco IOS XE - CVE-2018-0171

ID:8787 - Exploit for Buffer overflow in Cisco IOS XE - CVE-2018-0171

Published: February 1, 2023

Vulnerability identifier: #VU11336

Vulnerability risk: High

CVE-ID: CVE-2018-0171

CWE-ID: CWE-120

Exploitation vector: Remote access

Vulnerable software:
Cisco IOS XE

Link to public exploit:

https://github.com/AlrikRr/Cisco-Smart-Exploit

Vulnerability description

The vulnerability allows a remote unauthenticated attacker to cause DoS condition or execute arbitrary code on the target system.

The weakness exists in the Smart Install feature due to improper validation of packet data. A remote attacker can trigger buffer overflow, cause the service to crash and execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Update to versions 16.3(5.72), 15.7(3.1.14A)OT, 15.7(3.1.10V)OT, 15.7(3.0z)M, 15.7(2.0v)M0.6, 15.6(3)M4, 15.6(3)M3.1, 15.5(3)M7, 15.5(3)M6.1, 15.5(1.0.93)SY1, 15.5(1.0.91)SY1, 15.5(1)SY1, 15.5(1)IC1.112, 15.5(1)IA1.529, 15.4(3)M9, 15.4(1.1.21)SY4, 15.4(1)SY4, 15.2(6.5.1i)E1, 15.2(6.4.66i)E1, 15.2(6.4.4i)E1, 15.2(6)E1, 15.2(4.7.8)EA7, 15.2(2)E8, 15.2(1)SY6, 15.2(1)SY5.114, 15.1(2)SY11.62 or 12.2(60)EZ13.

ID:8787 - Exploit for Buffer overflow in Cisco IOS XE - CVE-2018-0171

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human