Lucene search

[email protected]NVD:CVE-2018-0158

HistoryMar 28, 2018 - 10:29 p.m.

CVE-2018-0158

2018-03-2822:29:00

CWE-20

CWE-772

[email protected]

web.nvd.nist.gov

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

8.9 High

AI Score

Confidence

High

0.01 Low

EPSS

Percentile

83.5%

JSON

A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak or a reload of an affected device that leads to a denial of service (DoS) condition. The vulnerability is due to incorrect processing of certain IKEv2 packets. An attacker could exploit this vulnerability by sending crafted IKEv2 packets to an affected device to be processed. A successful exploit could cause an affected device to continuously consume memory and eventually reload, resulting in a DoS condition. Cisco Bug IDs: CSCvf22394.

Affected configurations

NVD

Node

ciscoiosMatch15.5\(3\)s1.1

ciscoiosMatch15.5\(3\)s1.2

ciscoiosMatch15.5\(3\)s1.4

ciscoiosMatch15.5\(3\)s1.5

ciscoiosMatch15.5\(3\)s1.7

ciscoiosMatch15.5\(3\)s1.8

ciscoiosMatch15.5\(3\)s1.9

ciscoiosMatch15.5\(3\)s1.10

ciscoiosMatch15.5\(3\)s1.11

ciscoiosMatch15.5\(3\)s1.12

AND

ciscoasr_1001-hxMatch-

ciscoasr_1001-xMatch-

ciscoasr_1002-hxMatch-

ciscoasr_1002-xMatch-

ciscoasr_1004Match-

ciscoasr_1006Match-

ciscoasr_1006-xMatch-

ciscoasr_1009-xMatch-

ciscoasr_1013Match-

Node

ciscoios_xeMatch15.5\(3\)s1.1

ciscoios_xeMatch15.5\(3\)s1.2

ciscoios_xeMatch15.5\(3\)s1.4

ciscoios_xeMatch15.5\(3\)s1.5

ciscoios_xeMatch15.5\(3\)s1.7

ciscoios_xeMatch15.5\(3\)s1.8

ciscoios_xeMatch15.5\(3\)s1.9

ciscoios_xeMatch15.5\(3\)s1.10

ciscoios_xeMatch15.5\(3\)s1.11

ciscoios_xeMatch15.5\(3\)s1.12

AND

ciscoasr_1001-hxMatch-

ciscoasr_1001-xMatch-

ciscoasr_1002-hxMatch-

ciscoasr_1002-xMatch-

ciscoasr_1004Match-

ciscoasr_1006Match-

ciscoasr_1006-xMatch-

ciscoasr_1009-xMatch-

ciscoasr_1013Match-

Node

ciscoiosMatch15.5\(3\)s1.1

ciscoiosMatch15.5\(3\)s1.2

ciscoiosMatch15.5\(3\)s1.4

ciscoiosMatch15.5\(3\)s1.5

ciscoiosMatch15.5\(3\)s1.7

ciscoiosMatch15.5\(3\)s1.8

ciscoiosMatch15.5\(3\)s1.9

ciscoiosMatch15.5\(3\)s1.10

ciscoiosMatch15.5\(3\)s1.11

ciscoiosMatch15.5\(3\)s1.12

ciscoios_xeMatch15.5\(3\)s1.1

ciscoios_xeMatch15.5\(3\)s1.2

ciscoios_xeMatch15.5\(3\)s1.4

ciscoios_xeMatch15.5\(3\)s1.5

ciscoios_xeMatch15.5\(3\)s1.7

ciscoios_xeMatch15.5\(3\)s1.8

ciscoios_xeMatch15.5\(3\)s1.9

ciscoios_xeMatch15.5\(3\)s1.10

ciscoios_xeMatch15.5\(3\)s1.11

ciscoios_xeMatch15.5\(3\)s1.12

AND

rockwellautomationallen-bradley_stratix_5900Match-

References

www.securityfocus.com/bid/103566

www.securitytracker.com/id/1040595

ics-cert.us-cert.gov/advisories/ICSA-18-107-03

ics-cert.us-cert.gov/advisories/ICSA-18-107-04

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-ike

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

8.9 High

AI Score

Confidence

High

0.01 Low

EPSS

Percentile

83.5%

JSON

Related for NVD:CVE-2018-0158

cisa_kev1 prion1 nessus9 attackerkb1 cvelist1 cve1 cisco1 ics2