CVE-2018-0475: Improper Input Validation in Cisco IOS Software

Severity: 7.4 HIGH (NVD)
EPSS: 0.3% (top 50.94%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline:
Published: Oct 5
Latest update: May 13

Description

A vulnerability in the implementation of the cluster feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation when handling Cluster Management Protocol (CMP) messages. An attacker could exploit this vulnerability by sending a malicious CMP message to an affected device. A successful exploit could allow the attacker to cause t

CVSS vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Exploitability: 2.8 | Impact: 4.0

Affected Packages (3 packages)

NVD: cisco/ios 15.0(2.0.0)
NVD: cisco/ios_xe 15.0(2.0.0)

🔴 Vulnerability Details (2)

GHSA: GHSA-wr6p-fg29-rg69: A vulnerability in the implementation of the cluster feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent (2022-05-13)
CVEList: Cisco IOS and IOS XE Software Cluster Management Protocol Denial of Service Vulnerability (2018-10-05)

📋 Vendor Advisories (1)

Cisco: Cisco IOS and IOS XE Software Cluster Management Protocol Denial of Service Vulnerability (2018-09-26)

💬 Community (1)

Bugzilla: CVE-2017-1002101 kubernetes: Volume security can be sidestepped with innocent emptyDir and subpath (2017-12-12)