#VU11342 Buffer overflow in Cisco IOS XE - CVE-2018-0151
Published: March 28, 2018 / Updated: March 8, 2022
Vulnerability identifier: #VU11342
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber
CVE-ID: CVE-2018-0151
CWE-ID: CWE-120
Exploitation vector: Remote access
Exploit availability:
The vulnerability is being exploited in the wild
Vulnerable software:
Cisco IOS XE
Cisco IOS XE
Software vendor:
Cisco Systems, Inc
Cisco Systems, Inc
Description
The vulnerability allows a remote unauthenticated attacker to cause DoS condition or execute arbitrary code on the target system.
The weakness exists due to boundary error in packets that are destined for UDP port 18999. A remote attacker can send specially crafted packets, trigger buffer overflow, cause the service to crash and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
Remediation
Update to versions 16.8(0.29), 16.7(0.181), 16.6.2, 16.6(1.93), 16.5(1.321), 16.3.5a, 16.3(5.1), 15.7(3.1.14A)OT, 15.7(3.1.9W)OT, 15.7(3.0u)M, 15.7(3)M1, 15.7(2.0v)M0.6, 15.6(3)M4, 15.6(3)M3.1, 15.6(2.13)SP3, 15.6(2)SP4, 15.5(3)S6.21 or 15.5(3)M7.