CVE-2018-0470Improper Restriction of Operations within the Bounds of a Memory Buffer in Cisco IOS XE Software

CWE-399CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer5 documents5 sources
Severity
8.6HIGHNVD
EPSS
1.4%
top 19.50%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco IOS XE SoftwareCisco IOS XE
Timeline
PublishedOct 5
Latest updateMay 13

Description

A vulnerability in the web framework of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a buffer overflow condition on an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to the affected software improperly parsing malformed HTTP packets that are destined to a device. An attacker could exploit this vulnerability by sending a malformed HTTP packet to an affected device for processing. A successful exploit could allow the at

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:HExploitability: 3.9 | Impact: 4.0

Affected Packages2 packages

NVDcisco/ios_xe16.2.0, 16.3\(1\)+1

🔴Vulnerability Details

2
GHSA
GHSA-m395-rxf5-2vf4: A vulnerability in the web framework of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a buffer overflow condition on2022-05-13
CVEList
Cisco IOS XE Software HTTP Denial of Service Vulnerability2018-10-05

📋Vendor Advisories

2
CISA ICS
Rockwell Automation Stratix 5400/5410/5700/8000/8300 and ArmorStratix 57002019-04-05
Cisco
Cisco IOS XE Software HTTP Denial of Service Vulnerability2018-09-26
CVE-2018-0470 — Cisco IOS XE Software vulnerability | cvebase