CVE-2018-0469Double Free in Cisco IOS XE Software

CWE-415Double Free4 documents4 sources
Severity
6.8MEDIUMNVD
EPSS
0.8%
top 26.63%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco IOS XE SoftwareCisco IOS XE
Timeline
PublishedOct 5
Latest updateMay 13

Description

A vulnerability in the web user interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a double-free-in-memory handling by the affected software when specific HTTP requests are processed. An attacker could exploit this vulnerability by sending specific HTTP requests to the web user interface of the affected software. A successful exploit could allow the attacker to cause the affected device to reload,

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:HExploitability: 2.2 | Impact: 4.0

Affected Packages2 packages

NVDcisco/ios_xe16.5.1

🔴Vulnerability Details

2
GHSA
GHSA-mx9c-5j73-j9h5: A vulnerability in the web user interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to relo2022-05-13
CVEList
Cisco IOS XE Software Web UI Denial of Service Vulnerability2018-10-05

📋Vendor Advisories

1
Cisco
Cisco IOS XE Software Web UI Denial of Service Vulnerability2018-09-26
CVE-2018-0469 — Double Free in Cisco IOS XE Software | cvebase