Lucene search
CiscoCISCO-SA-20180328-IKEHistoryMar 28, 2018 - 4:00 p.m.
Cisco IOS and IOS XE Software Internet Key Exchange Memory Leak Vulnerability
2018-03-2816:00:00
tools.cisco.com
45
0.01 Low
EPSS
Percentile
83.5%
A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak or a reload of an affected device that leads to a denial of service (DoS) condition.
The vulnerability is due to incorrect processing of certain IKEv2 packets. An attacker could exploit this vulnerability by sending crafted IKEv2 packets to an affected device to be processed. A successful exploit could cause an affected device to continuously consume memory and eventually reload, resulting in a DoS condition.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-ike [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-ike”]
This advisory is part of the March 28, 2018, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 20 Cisco Security Advisories that describe 22 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: March 2018 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication [“https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-66682”].
Affected configurations
Node
ciscoiosMatch15.2e
ORciscoiosMatch15.5s
ORciscoiosMatch15.2ea
ORciscoiosMatch15.5m
ORciscoiosMatch15.5sn
ORciscoiosMatch15.6s
ORciscoiosMatch15.6t
ORciscoiosMatch15.3sy
ORciscoiosMatch15.6sp
ORciscoiosMatch15.6sn
ORciscoiosMatch15.6m
ORciscoiosMatch15.2ec
ORciscoiosMatch15.4sy
ORciscoiosMatch15.5sy
ORciscoiosMatch15.3jpi
ORciscoiosMatch15.3jpj
ORciscoiosMatch15.3jpr
ORciscorvs4000_softwareMatch3.16s
ORciscorvs4000_softwareMatch3.17s
ORciscorvs4000_softwareMatch16.1
ORciscorvs4000_softwareMatch16.2
ORciscorvs4000_softwareMatch3.8e
ORciscorvs4000_softwareMatch16.3
ORciscorvs4000_softwareMatch16.4
ORciscorvs4000_softwareMatch3.18s
ORciscorvs4000_softwareMatch3.18sp
ORciscorvs4000_softwareMatch3.9e
ORciscorvs4000_softwareMatch3.10e
ORciscoiosMatch15.2\(4\)e
ORciscoiosMatch15.2\(4\)e1
ORciscoiosMatch15.2\(4\)e2
ORciscoiosMatch15.2\(4m\)e1
ORciscoiosMatch15.2\(5\)e
ORciscoiosMatch15.2\(4\)e3
ORciscoiosMatch15.2\(5a\)e
ORciscoiosMatch15.2\(5\)e1
ORciscoiosMatch15.2\(5b\)e
ORciscoiosMatch15.2\(4m\)e3
ORciscoiosMatch15.2\(5c\)e
ORciscoiosMatch15.2\(4n\)e2
ORciscoiosMatch15.2\(4o\)e2
ORciscoiosMatch15.2\(5a\)e1
ORciscoiosMatch15.2\(4\)e4
ORciscoiosMatch15.2\(5\)e2
ORciscoiosMatch15.2\(4p\)e1
ORciscoiosMatch15.2\(6\)e
ORciscoiosMatch15.2\(5\)e2b
ORciscoiosMatch15.2\(5\)e2c
ORciscoiosMatch15.2\(4m\)e2
ORciscoiosMatch15.2\(4o\)e3
ORciscoiosMatch15.2\(4q\)e1
ORciscoiosMatch15.2\(6\)e0a
ORciscoiosMatch15.2\(6\)e0c
ORciscoiosMatch15.2\(4s\)e1
ORciscoiosMatch15.2\(4s\)e2
ORciscoiosMatch15.5\(3\)s
ORciscoiosMatch15.5\(3\)s1
ORciscoiosMatch15.5\(3\)s1a
ORciscoiosMatch15.5\(3\)s2
ORciscoiosMatch15.5\(3\)s0a
ORciscoiosMatch15.5\(3\)s3
ORciscoiosMatch15.5\(3\)s4
ORciscoiosMatch15.5\(3\)s5
ORciscoiosMatch15.2\(4\)ea
ORciscoiosMatch15.2\(4\)ea1
ORciscoiosMatch15.2\(4\)ea3
ORciscoiosMatch15.2\(5\)ea
ORciscoiosMatch15.2\(4\)ea4
ORciscoiosMatch15.2\(4\)ea5
ORciscoiosMatch15.5\(3\)m
ORciscoiosMatch15.5\(3\)m1
ORciscoiosMatch15.5\(3\)m0a
ORciscoiosMatch15.5\(3\)m2
ORciscoiosMatch15.5\(3\)m2a
ORciscoiosMatch15.5\(3\)m3
ORciscoiosMatch15.5\(3\)m4
ORciscoiosMatch15.5\(3\)m4a
ORciscoiosMatch15.5\(3\)m5
ORciscoiosMatch15.5\(3\)m4b
ORciscoiosMatch15.5\(3\)m4c
ORciscoiosMatch15.5\(3\)sn0a
ORciscoiosMatch15.5\(3\)sn
ORciscoiosMatch15.6\(1\)s
ORciscoiosMatch15.6\(2\)s
ORciscoiosMatch15.6\(2\)s1
ORciscoiosMatch15.6\(1\)s1
ORciscoiosMatch15.6\(1\)s2
ORciscoiosMatch15.6\(2\)s2
ORciscoiosMatch15.6\(1\)s3
ORciscoiosMatch15.6\(2\)s3
ORciscoiosMatch15.6\(1\)s4
ORciscoiosMatch15.6\(1\)t
ORciscoiosMatch15.6\(2\)t
ORciscoiosMatch15.6\(1\)t0a
ORciscoiosMatch15.6\(1\)t1
ORciscoiosMatch15.6\(2\)t1
ORciscoiosMatch15.6\(1\)t2
ORciscoiosMatch15.6\(2\)t0a
ORciscoiosMatch15.6\(2\)t2
ORciscoiosMatch15.6\(1\)t3
ORciscoiosMatch15.3\(1\)sy
ORciscoiosMatch15.3\(0\)sy
ORciscoiosMatch15.3\(1\)sy1
ORciscoiosMatch15.3\(1\)sy2
ORciscoiosMatch15.6\(2\)sp
ORciscoiosMatch15.6\(2\)sp1
ORciscoiosMatch15.6\(2\)sp2
ORciscoiosMatch15.6\(1\)sn
ORciscoiosMatch15.6\(1\)sn1
ORciscoiosMatch15.6\(2\)sn
ORciscoiosMatch15.6\(1\)sn2
ORciscoiosMatch15.6\(1\)sn3
ORciscoiosMatch15.6\(3\)sn
ORciscoiosMatch15.6\(4\)sn
ORciscoiosMatch15.6\(5\)sn
ORciscoiosMatch15.6\(6\)sn
ORciscoiosMatch15.6\(7\)sn
ORciscoiosMatch15.6\(7\)sn1
ORciscoiosMatch15.6\(7\)sn2
ORciscoiosMatch15.6\(7\)sn3
ORciscoiosMatch15.6\(3\)m
ORciscoiosMatch15.6\(3\)m1
ORciscoiosMatch15.6\(3\)m0a
ORciscoiosMatch15.6\(3\)m1a
ORciscoiosMatch15.6\(3\)m1b
ORciscoiosMatch15.6\(3\)m2
ORciscoiosMatch15.6\(3\)m2a
ORciscoiosMatch15.2\(4\)ec1
ORciscoiosMatch15.2\(4\)ec2
ORciscoiosMatch15.4\(1\)sy
ORciscoiosMatch15.4\(1\)sy1
ORciscoiosMatch15.4\(1\)sy2
ORciscoiosMatch15.5\(1\)sy
ORciscoiosMatch15.3\(3\)jpi
ORciscoiosMatch15.3\(3\)jpj
ORciscoiosMatch15.3\(3\)jpr1
ORciscorvs4000_softwareMatch3.16.0s
ORciscorvs4000_softwareMatch3.16.1s
ORciscorvs4000_softwareMatch3.16.0as
ORciscorvs4000_softwareMatch3.16.1as
ORciscorvs4000_softwareMatch3.16.2s
ORciscorvs4000_softwareMatch3.16.2as
ORciscorvs4000_softwareMatch3.16.0bs
ORciscorvs4000_softwareMatch3.16.0cs
ORciscorvs4000_softwareMatch3.16.3s
ORciscorvs4000_softwareMatch3.16.2bs
ORciscorvs4000_softwareMatch3.16.3as
ORciscorvs4000_softwareMatch3.16.4s
ORciscorvs4000_softwareMatch3.16.4as
ORciscorvs4000_softwareMatch3.16.4bs
ORciscorvs4000_softwareMatch3.16.4gs
ORciscorvs4000_softwareMatch3.16.5s
ORciscorvs4000_softwareMatch3.16.4cs
ORciscorvs4000_softwareMatch3.16.4ds
ORciscorvs4000_softwareMatch3.16.4es
ORciscorvs4000_softwareMatch3.16.5as
ORciscorvs4000_softwareMatch3.16.5bs
ORciscorvs4000_softwareMatch3.17.0s
ORciscorvs4000_softwareMatch3.17.1s
ORciscorvs4000_softwareMatch3.17.2s
ORciscorvs4000_softwareMatch3.17.1as
ORciscorvs4000_softwareMatch3.17.3s
ORciscorvs4000_softwareMatch3.17.4s
ORciscorvs4000_softwareMatch16.1.1
ORciscorvs4000_softwareMatch16.1.2
ORciscorvs4000_softwareMatch16.1.3
ORciscorvs4000_softwareMatch16.2.1
ORciscorvs4000_softwareMatch16.2.2
ORciscorvs4000_softwareMatch3.8.0e
ORciscorvs4000_softwareMatch3.8.1e
ORciscorvs4000_softwareMatch3.8.2e
ORciscorvs4000_softwareMatch3.8.3e
ORciscorvs4000_softwareMatch3.8.4e
ORciscorvs4000_softwareMatch16.3.1
ORciscorvs4000_softwareMatch16.3.2
ORciscorvs4000_softwareMatch16.3.3
ORciscorvs4000_softwareMatch16.3.1a
ORciscorvs4000_softwareMatch16.3.4
ORciscorvs4000_softwareMatch16.4.1
ORciscorvs4000_softwareMatch16.4.2
ORciscorvs4000_softwareMatch3.18.0as
ORciscorvs4000_softwareMatch3.18.0s
ORciscorvs4000_softwareMatch3.18.1s
ORciscorvs4000_softwareMatch3.18.2s
ORciscorvs4000_softwareMatch3.18.3s
ORciscorvs4000_softwareMatch3.18.0sp
ORciscorvs4000_softwareMatch3.18.1sp
ORciscorvs4000_softwareMatch3.18.1asp
ORciscorvs4000_softwareMatch3.18.1gsp
ORciscorvs4000_softwareMatch3.18.1bsp
ORciscorvs4000_softwareMatch3.18.1csp
ORciscorvs4000_softwareMatch3.18.2sp
ORciscorvs4000_softwareMatch3.18.1hsp
ORciscorvs4000_softwareMatch3.18.2asp
ORciscorvs4000_softwareMatch3.18.1isp
ORciscorvs4000_softwareMatch3.9.0e
ORciscorvs4000_softwareMatch3.9.1e
ORciscorvs4000_softwareMatch3.9.2e
ORciscorvs4000_softwareMatch3.9.2be
ORciscorvs4000_softwareMatch3.10.0e
ORciscorvs4000_softwareMatch3.10.0ce
Related
cisa_kev
cisa_kev
Cisco IOS and XE Software Internet Key Exchange Memory Leak Vulnerability
2022-03-03 00:00:00
nvd
nvd
CVE-2018-0158
2018-03-28 22:29:00
prion
prion
Design/Logic Flaw
2018-03-28 22:29:00
attackerkb
attackerkb
CVE-2018-0158
2018-03-28 00:00:00
cvelist
cvelist
CVE-2018-0158
2018-03-28 22:00:00
nessus
nessus
Cisco IOS Software Internet Key Exchange Memory Leak (cisco-sa-20180328-ike)
2019-11-27 00:00:00
Cisco Ios Missing Release of Resource after Effective Lifetime
2019-11-08 00:00:00
cve
cve
CVE-2018-0158
2018-03-28 22:29:00
ics
ics
Rockwell Automation Stratix Services Router
2018-04-25 12:00:00
Rockwell Automation Stratix and ArmorStratix Switches
2018-04-25 12:00:00