CVE-2018-15374Improper Verification of Cryptographic Signature in Cisco IOS XE Software

CWE-347Improper Verification of Cryptographic Signature4 documents4 sources
Severity
6.7MEDIUMNVD
EPSS
0.0%
top 90.80%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco IOS XE SoftwareCisco IOS XE
Timeline
PublishedOct 5
Latest updateMay 13

Description

A vulnerability in the Image Verification feature of Cisco IOS XE Software could allow an authenticated, local attacker to install a malicious software image or file on an affected device. The vulnerability is due to the affected software improperly verifying digital signatures for software images and files that are uploaded to a device. An attacker could exploit this vulnerability by uploading a malicious software image or file to an affected device. A successful exploit could allow the attacke

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages2 packages

NVDcisco/ios_xe16.6.1

🔴Vulnerability Details

2
GHSA
GHSA-hmgr-779r-qfww: A vulnerability in the Image Verification feature of Cisco IOS XE Software could allow an authenticated, local attacker to install a malicious softwar2022-05-13
CVEList
Cisco IOS XE Software Digital Signature Verification Bypass Vulnerability2018-10-05

📋Vendor Advisories

1
Cisco
Cisco IOS XE Software Digital Signature Verification Bypass Vulnerability2018-09-26
CVE-2018-15374 — Cisco IOS XE Software vulnerability | cvebase