CVE-2018-0154
published 2018-03-28CVE-2018-0154: A vulnerability in the crypto engine of the Cisco Integrated Services Module for VPN (ISM-VPN) running Cisco IOS Software could allow an unauthenticated…
PriorityP276high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
KEVITW
CISA Known Exploited Vulnerabilitydue 2022-03-17
Exploited in the wild
EPSS
7.07%
93.4th percentile
A vulnerability in the crypto engine of the Cisco Integrated Services Module for VPN (ISM-VPN) running Cisco IOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient handling of VPN traffic by the affected device. An attacker could exploit this vulnerability by sending crafted VPN traffic to an affected device. A successful exploit could allow the attacker to cause the affected device to hang or crash, resulting in a DoS condition. Cisco Bug IDs: CSCvd39267.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | ios | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Trigger condition is crafted VPN traffic sent to a device running Cisco ISM-VPN on IOS Software; monitor for unexpected device hangs or crashes (DoS) on ISM-VPN-equipped routers following inbound VPN traffic ↗
- →The vulnerability is specific to the crypto engine of the Cisco Integrated Services Module for VPN (ISM-VPN); focus detection on devices with this module installed running Cisco IOS Software ↗
- ·No workarounds are available for this vulnerability; the only mitigation is applying Cisco's software updates ↗
- ·Cisco Bug ID CSCvd39267 tracks this issue; use this identifier when cross-referencing Cisco's advisory and patch tracking systems ↗
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvdv2.07.8HIGHAV:N/AC:L/Au:N/C:N/I:N/A:C
vulncheck7.5HIGH
cisa7.5HIGH
vendor_cisco8.6HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-gj5f-9m2c-w52m: A vulnerability in the crypto engine of the Cisco Integrated Services Module for VPN (ISM-VPN) running Cisco IOS Software could allow an unauthenticat
ghsa_unreviewed·2022-05-13
CVE-2018-0154 [HIGH] GHSA-gj5f-9m2c-w52m: A vulnerability in the crypto engine of the Cisco Integrated Services Module for VPN (ISM-VPN) running Cisco IOS Software could allow an unauthenticat
A vulnerability in the crypto engine of the Cisco Integrated Services Module for VPN (ISM-VPN) running Cisco IOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient handling of VPN traffic by the affected device. An attacker could exploit this vulnerability by sending crafted VPN traffic to an affected device. A successful exploit could allow the attacker to cause the affected device to hang or crash, resulting in a DoS condition. Cisco Bug IDs: CSCvd39267.
VulnCheck
Cisco IOS Software Integrated Services Module for VPN Denial-of-Service Vulnerability
vulncheck·2018·CVSS 7.5
CVE-2018-0154 [HIGH] CWE-399 Cisco IOS Software Integrated Services Module for VPN Denial-of-Service Vulnerability
Cisco IOS Software Integrated Services Module for VPN Denial-of-Service Vulnerability
A vulnerability in the crypto engine of the Cisco Integrated Services Module for VPN (ISM-VPN) running Cisco IOS Software could allow an unauthenticated, remote attacker to cause a denial-of-service (DoS) condition.
Affected: Cisco IOS Software
Required Action: Apply updates per vendor instructions.
Exploitation References: https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json; https://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-20180328-dos.html
Remediation Due: 2022-03-17
CISA
Cisco IOS Software Integrated Services Module for VPN Denial-of-Service Vulnerability
cisa·2022-03-03·CVSS 7.5
CVE-2018-0154 [HIGH] CWE-399 Cisco IOS Software Integrated Services Module for VPN Denial-of-Service Vulnerability
Vulnerability: Cisco IOS Software Integrated Services Module for VPN Denial-of-Service Vulnerability
Affected: Cisco IOS Software
A vulnerability in the crypto engine of the Cisco Integrated Services Module for VPN (ISM-VPN) running Cisco IOS Software could allow an unauthenticated, remote attacker to cause a denial-of-service (DoS) condition.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2018-0154
Remediation Due Date: 2022-03-17
Cisco
Cisco IOS Software Integrated Services Module for VPN Denial of Service Vulnerability
vendor_cisco·2018-03-28·CVSS 8.6
CVE-2018-0154 [HIGH] CWE-399 Cisco IOS Software Integrated Services Module for VPN Denial of Service Vulnerability
Cisco IOS Software Integrated Services Module for VPN Denial of Service Vulnerability
A vulnerability in the crypto engine of the Cisco Integrated Services Module for VPN (ISM-VPN) running Cisco IOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
The vulnerability is due to insufficient handling of VPN traffic by the affected device. An attacker could exploit this vulnerability by sending crafted VPN traffic to an affected device. A successful exploit could allow the attacker to cause the affected device to hang or crash, resulting in a DoS condition.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the fo
Cisco
Cisco IOS Software Integrated Services Module for VPN Denial of Service Vulnerability
vendor_cisco·CVSS 3.0
CVE-2018-0154 Cisco IOS Software Integrated Services Module for VPN Denial of Service Vulnerability
CVE-2018-0154: Cisco IOS Software Integrated Services Module for VPN Denial of Service Vulnerability
A vulnerability in the crypto engine of the Cisco Integrated Services Module for VPN (ISM-VPN) running Cisco IOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient handling of VPN traffic by the affected device. An attacker could exploit this vulnerability by sending crafted VPN traffic to an affected device. A successful exploit could allow the attacker to cause the affected device to hang or crash, resulting in a DoS condition. Cisco has released software updates that address this vulnerability. There are no
CVSS: 3.0
CWE: CWE-399, CWE-399
Bug IDs: CSCvd39267
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://www.securityfocus.com/bid/103559http://www.securitytracker.com/id/1040585https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-doshttp://www.securityfocus.com/bid/103559http://www.securitytracker.com/id/1040585https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-doshttps://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-0154
2018-03-28
Published
2022-03-03
Added to CISA KEV
Exploited in the wild