CVE-2018-0476: Cisco IOS XE Software vulnerability

CWE-399 | 4 documents | 4 sources

Severity: 5.9 MEDIUM (NVD)
EPSS: 3.1% (top 13.26%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 5 | Latest update May 13

Description

A vulnerability in the Network Address Translation (NAT) Session Initiation Protocol (SIP) Application Layer Gateway (ALG) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to improper processing of SIP packets in transit while NAT is performed on an affected device. An unauthenticated, remote attacker could exploit this vulnerability by sending crafted SIP packets via UDP port 5060 through an affected device

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 2.2 | Impact: 3.6

Affected Packages (2 packages)

NVD: cisco/ios_xe 15.5\(3\)s5.1, 15.5\(3\)s6.1, 16.6.2 (+2)

🔴 Vulnerability Details (2)

GHSA (2022-05-13): GHSA-72m2-hw7c-6c7r: A vulnerability in the Network Address Translation (NAT) Session Initiation Protocol (SIP) Application Layer Gateway (ALG) of Cisco IOS XE Software co
CVEList (2018-10-05): Cisco IOS XE Software NAT Session Initiation Protocol Application Layer Gateway Denial of Service Vulnerability

📋 Vendor Advisories (1)

Cisco (2018-09-26): Cisco IOS XE Software NAT Session Initiation Protocol Application Layer Gateway Denial of Service Vulnerability
CVE-2018-0476 — Cisco IOS XE Software vulnerability | cvebase