CVE-2018-15428Improper Input Validation in Cisco IOS XR Software

CWE-20Improper Input Validation5 documents5 sources
Severity
6.8MEDIUMNVD
EPSS
0.5%
top 32.29%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco IOS XR SoftwareCisco IOS XR
Timeline
PublishedOct 5
Latest updateMay 13

Description

A vulnerability in the implementation of Border Gateway Protocol (BGP) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of certain BGP update messages. An attacker could exploit this vulnerability by sending BGP update messages that include a specific, malformed attribute to be processed by an affected system. A successful exploit could allow the attacker to cause

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:HExploitability: 2.2 | Impact: 4.0

Affected Packages2 packages

NVDcisco/ios_xr10 versions+9

🔴Vulnerability Details

2
GHSA
GHSA-qx9h-fggw-hc55: A vulnerability in the implementation of Border Gateway Protocol (BGP) functionality in Cisco IOS XR Software could allow an unauthenticated, remote a2022-05-13
CVEList
Cisco IOS XR Software Border Gateway Protocol Denial of Service Vulnerability2018-10-05

📋Vendor Advisories

1
Cisco
Cisco IOS XR Software Border Gateway Protocol Denial of Service Vulnerability2018-10-03
CVE-2018-15428 — Improper Input Validation in Cisco | cvebase