CVE-2018-0211Improper Input Validation in Cisco Identity Services Engine

CWE-20Improper Input Validation5 documents5 sources
Severity
4.4MEDIUMNVD
EPSS
0.1%
top 74.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Identity Services Engine
Timeline
PublishedMar 8
Latest updateMay 13

Description

A vulnerability in specific CLI commands for the Cisco Identity Services Engine could allow an authenticated, local attacker to cause a denial of service (DoS) condition. The device may need to be manually rebooted to recover. The vulnerability is due to lack of proper input validation of the CLI user input for certain CLI commands. An attacker could exploit this vulnerability by authenticating to the device and issuing a crafted, malicious CLI command on the targeted device. A successful exploi

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:HExploitability: 0.8 | Impact: 3.6

Affected Packages1 packages

NVDcisco/identity_services_engine2.1\(0.474\), 2.2\(1.145\), 2.4\(0.247\)+2

🔴Vulnerability Details

3
GHSA
GHSA-f978-vh2v-fvj4: A vulnerability in specific CLI commands for the Cisco Identity Services Engine could allow an authenticated, local attacker to cause a denial of serv2022-05-13
OSV
apache2 vulnerabilities2019-04-04
CVEList
CVE-2018-0211: A vulnerability in specific CLI commands for the Cisco Identity Services Engine could allow an authenticated, local attacker to cause a denial of serv2018-03-08

📋Vendor Advisories

1
Cisco
Cisco Identity Services Engine Authenticated CLI Denial of Service Vulnerability2018-03-07
CVE-2018-0211 — Improper Input Validation in Cisco | cvebase