CVE-2018-0088: Incorrect Permission Assignment in Cisco IOS

Severity: 6.7 MEDIUM (NVD)
EPSS: 0.1% (top 79.00%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Jan 18
Latest update: May 13

Description

A vulnerability in one of the diagnostic test CLI commands on Cisco Industrial Ethernet 4010 Series Switches running Cisco IOS Software could allow an authenticated, local attacker to impact the stability of the device. This could result in arbitrary code execution or a denial of service (DoS) condition. The attacker has to have valid user credentials at privilege level 15. The vulnerability is due to a diagnostic test CLI command that allows the attacker to write to the device memory. An attack

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 0.8 | Impact: 5.9

Affected Packages (1 package)

CVEListV5 | cisco/cisco_ios | Cisco IOS

🔴 Vulnerability Details (2)

GHSA | GHSA-3mrm-rr7c-34fm: A vulnerability in one of the diagnostic test CLI commands on Cisco Industrial Ethernet 4010 Series Switches running Cisco IOS Software could allow an | 2022-05-13
CVEList | CVE-2018-0088: A vulnerability in one of the diagnostic test CLI commands on Cisco Industrial Ethernet 4010 Series Switches running Cisco IOS Software could allow an | 2018-01-18

📋 Vendor Advisories (1)

Cisco | Cisco IOS Software for Industrial Ethernet 4010 Series Switches Test Command Arbitrary Code Execution and Denial of Service Vulnerability | 2018-01-18