CVE-2018-0154

CVSS 7.5 HIGH · EPSS 7.1% · KEV · CWE-399
In short

A flaw in Cisco's VPN security module allows attackers to send specially crafted network traffic that can freeze or crash the device, making it unavailable to users.

Technical detail

The vulnerability exists in the crypto engine of Cisco ISM-VPN on IOS Software due to improper handling of VPN traffic. An unauthenticated remote attacker can trigger a denial of service by sending crafted VPN packets, causing the device to hang or crash (CWE-399: Resource exhaustion).

Summary generated and translated by AI from the official description.
A vulnerability in the crypto engine of the Cisco Integrated Services Module for VPN (ISM-VPN) running Cisco IOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient handling of VPN traffic by the affected device. An attacker could exploit this vulnerability by sending crafted VPN traffic to an affected device. A successful exploit could allow the attacker to cause the affected device to hang or crash, resulting in a DoS condition. Cisco Bug IDs: CSCvd39267.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected products
n/a · Cisco IOS
