CVE-2018-0484Improper Access Control in Cisco IOS

CWE-284Improper Access Control28 documents5 sources
Severity
6.5MEDIUMNVD
CNA5.3
EPSS
0.2%
top 60.37%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco IOSCisco IOS
Timeline
PublishedJan 10
Latest updateMay 13

Description

A vulnerability in the access control logic of the Secure Shell (SSH) server of Cisco IOS and IOS XE Software may allow connections sourced from a virtual routing and forwarding (VRF) instance despite the absence of the vrf-also keyword in the access-class configuration. The vulnerability is due to a missing check in the SSH server. An attacker could use this vulnerability to open an SSH connection to an affected Cisco IOS or IOS XE device with a source address belonging to a VRF instance. Once

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

NVDcisco/ios16.6.2, 16.6.4+1
CVEListV5cisco/cisco_iosn/a

🔴Vulnerability Details

2
GHSA
GHSA-wpcx-9mmv-mm42: A vulnerability in the access control logic of the Secure Shell (SSH) server of Cisco IOS and IOS XE Software may allow connections sourced from a vir2022-05-13
CVEList
Cisco IOS and IOS XE Software Secure Shell Connection on VRF Vulnerability2019-01-10

📋Vendor Advisories

1
Cisco
Cisco IOS and IOS XE Software Secure Shell Connection on VRF Vulnerability2019-01-09

💬Community

24
Bugzilla
CVE-2018-6060 chromium-browser: use-after-free in blink2018-03-07
Bugzilla
CVE-2018-6070 chromium-browser: csp bypass through extensions2018-03-07
Bugzilla
CVE-2018-6078 chromium-browser: url spoof in omnibox2018-03-07
Bugzilla
CVE-2018-6081 chromium-browser: xss in interstitials2018-03-07
Bugzilla
CVE-2018-6077 chromium-browser: timing attack using svg filters2018-03-07
CVE-2018-0484 — Improper Access Control in Cisco IOS | cvebase