CVE-2018-0179

CVSS 6.8 MEDIUMEPSS 5.1%● KEVCWE-399

In short

A flaw in Cisco IOS Software's Login Enhancements feature allows an attacker on the network to crash affected devices by sending specially crafted requests, causing them to restart and become temporarily unavailable.

Technical detail

Multiple resource exhaustion vulnerabilities in the Login Block feature of Cisco IOS Software allow unauthenticated remote attackers to trigger uncontrolled resource consumption via crafted network traffic, resulting in system reload and denial of service. Affects IOS versions 15.4(2)T, 15.4(3)M, 15.4(2)CG and later; exploitation requires network reachability to the affected device.

Summary generated and translated by AI from the official description.

Multiple vulnerabilities in the Login Enhancements (Login Block) feature of Cisco IOS Software could allow an unauthenticated, remote attacker to trigger a reload of an affected system, resulting in a denial of service (DoS) condition. These vulnerabilities affect Cisco devices that are running Cisco IOS Software Release 15.4(2)T, 15.4(3)M, or 15.4(2)CG and later. Cisco Bug IDs: CSCuy32360, CSCuz60599.

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H

Affected products

n/a · Cisco IOS

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-slogin https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-0179 http://www.securityfocus.com/bid/103556