CVE-2018-0154
moderate-risk
Published 2018-03-28
A vulnerability in the crypto engine of the Cisco Integrated Services Module for VPN (ISM-VPN) running Cisco IOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient handling of VPN traffic by the affected device. An attacker could exploit this vulnerability by sending crafted VPN traffic to an affected device. A successful exploit could allow the attacker to cause the affected device to hang or crash, resulting in a DoS condition. Cisco Bug IDs: CSCvd39267.
Do I need to act?
11.7% chance of exploitation in next 30 days
EPSS score — higher than 88% of all CVEs
CISA KEV: actively exploited in the wild
On the Known Exploited Vulnerabilities catalog — federal agencies must patch
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 7.5/10 · High · NETWORK / LOW complexity
Affected Products (1)
Affected Vendors
References (7)
Broken Link
http://www.securityfocus.com/bid/103559
Broken Link
http://www.securitytracker.com/id/1040585
US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-...
49 / 100 · moderate-risk
Severity: 26/34 · High
Exploitability: 18/34 · Moderate
Exposure: 5/34 · Minimal