⚠ Actively exploited

Added to CISA KEV on 2022-03-03. Federal agencies required to patch by 2022-03-17. Required action: Apply updates per vendor instructions..

CVE-2018-0180 — Cisco IOS vulnerability

CWE-3996 documents6 sources

Severity

5.9MEDIUMNVD

EPSS

1.7%

top 17.50%

CISA KEV

KEV

Added 2022-03-03

Due 2022-03-17

Exploit

Exploited in wild

Active exploitation observed

Affected products

Cisco IOS Cisco IOS

Timeline

PublishedMar 28

KEV addedMar 3

KEV dueMar 17

Latest updateMay 13

CISA Required Action: Apply updates per vendor instructions.

Description

Multiple vulnerabilities in the Login Enhancements (Login Block) feature of Cisco IOS Software could allow an unauthenticated, remote attacker to trigger a reload of an affected system, resulting in a denial of service (DoS) condition. These vulnerabilities affect Cisco devices that are running Cisco IOS Software Release 15.4(2)T, 15.4(3)M, or 15.4(2)CG and later. Cisco Bug IDs: CSCuy32360, CSCuz60599.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.2 | Impact: 3.6

Affected Packages2 packages

▶NVDcisco/ios7 versions+6

▶CVEListV5cisco/cisco_iosCisco IOS

🔴Vulnerability Details

GHSA

GHSA-rfg9-33h6-7pq5: Multiple vulnerabilities in the Login Enhancements (Login Block) feature of Cisco IOS Software could allow an unauthenticated, remote attacker to trig↗2022-05-13

▶

CVEList

CVE-2018-0180: Multiple vulnerabilities in the Login Enhancements (Login Block) feature of Cisco IOS Software could allow an unauthenticated, remote attacker to trig↗2018-03-28

▶

VulnCheck

Cisco IOS Software Denial-of-Service Vulnerability↗2018

▶

📋Vendor Advisories

CISA

Cisco IOS Software Denial-of-Service Vulnerability↗2022-03-03

▶

Cisco

Cisco IOS Software Login Enhancements Login Block Denial of Service Vulnerabilities↗2018-03-28

▶