CVE-2018-0315Improper Restriction of Operations within the Bounds of a Memory Buffer in Cisco IOS XE

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer4 documents4 sources
Severity
9.8CRITICALNVD
EPSS
9.5%
top 7.17%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco IOS XE
Timeline
PublishedJun 7
Latest updateMay 13

Description

A vulnerability in the authentication, authorization, and accounting (AAA) security services of Cisco IOS XE Software could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device or cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to incorrect memory operations that the affected software performs when the software parses a username during login authentication. An attacker could exploit this vulnerabi

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

NVDcisco/ios_xe16.7.1, 16.8.1+1

🔴Vulnerability Details

2
GHSA
GHSA-g6vq-46f2-9g62: A vulnerability in the authentication, authorization, and accounting (AAA) security services of Cisco IOS XE Software could allow an unauthenticated,2022-05-13
CVEList
CVE-2018-0315: A vulnerability in the authentication, authorization, and accounting (AAA) security services of Cisco IOS XE Software could allow an unauthenticated,2018-06-07

📋Vendor Advisories

1
Cisco
Cisco IOS XE Software Authentication, Authorization, and Accounting Login Authentication Remote Code Execution Vulnerability2018-06-06
CVE-2018-0315 — Cisco IOS XE vulnerability | cvebase