Memory corruption in Cisco IOS XE - CVE-2018-0315
Published: June 6, 2018 / Updated: June 7, 2018
Vulnerability identifier: #VU13217
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2018-0315
CWE-ID: CWE-119
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco IOS XE
Cisco IOS XE
Detailed vulnerability description
The vulnerability allows a remote attacker to cause DoS condition or execute arbitrary code on the target system.
The vulnerability exists in the authentication, authorization, and accounting (AAA) security services of Cisco IOS XE Software due to boundary error when the software parses a username during login authentication. A remote unauthenticated attacker can attempt to authenticate to an affected device, trigger memory corruption and cause the affected device to reload or execute arbitrary code with elevated privileges.
How to mitigate CVE-2018-0315
Update to versions 16.9(0.91), 16.8(1.69), 16.8(1.10), 16.8(0.294), 16.8(0.277), 16.7(1.142).