⚠ Actively exploited
Added to CISA KEV on 2021-11-03. Federal agencies required to patch by 2022-05-03. Required action: Apply updates per vendor instructions..
CVE-2018-0171 — Improper Input Validation in Cisco IOS
Severity
9.8CRITICALNVD
EPSS
93.0%
top 0.21%
CISA KEV
KEV
Added 2021-11-03
Due 2022-05-03
Exploit
Exploited in wild
Active exploitation observed
Affected products
Timeline
PublishedMar 28
KEV addedNov 3
KEV dueMay 3
Latest updateAug 20
CISA Required Action: Apply updates per vendor instructions.
Description
A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition, or to execute arbitrary code on an affected device. The vulnerability is due to improper validation of packet data. An attacker could exploit this vulnerability by sending a crafted Smart Install message to an affected device on TCP port 4786. A successful exploit c…
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9
Affected Packages1 packages
🔴Vulnerability Details
3GHSA▶
GHSA-4w6g-87mh-x63x: A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigge↗2022-05-13
CVEList▶
CVE-2018-0171: A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigge↗2018-03-28
💥Exploits & PoCs
2Nuclei▶
Cisco Smart Install - Configuration Download