CVE-2018-0180

CVSS 6.8 MEDIUMEPSS 5.1%● KEVCWE-399

In short

A flaw in Cisco IOS Software's login feature allows attackers to crash a device remotely without needing to log in, causing a service outage. This affects certain Cisco routers and switches running specific software versions.

Technical detail

Multiple vulnerabilities in the Login Enhancements feature of Cisco IOS allow unauthenticated remote attackers to trigger a system reload via crafted login requests. Affected versions include 15.4(2)T, 15.4(3)M, 15.4(2)CG and later; exploitation results in denial of service without requiring prior authentication or special privileges.

Summary generated and translated by AI from the official description.

Multiple vulnerabilities in the Login Enhancements (Login Block) feature of Cisco IOS Software could allow an unauthenticated, remote attacker to trigger a reload of an affected system, resulting in a denial of service (DoS) condition. These vulnerabilities affect Cisco devices that are running Cisco IOS Software Release 15.4(2)T, 15.4(3)M, or 15.4(2)CG and later. Cisco Bug IDs: CSCuy32360, CSCuz60599.

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H

Affected products

n/a · Cisco IOS

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-slogin https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-0180 http://www.securityfocus.com/bid/103556