CVE-2018-0156
high-risk
Published 2018-03-28
A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper validation of packet data. An attacker could exploit this vulnerability by sending a crafted packet to an affected device on TCP port 4786. Only Smart Install client switches are affected. Cisco devices that are configured as a Smart Install director are not affected by this vulnerability. Cisco Bug IDs: CSCvd40673.
Do I need to act?
!
15.5% chance of exploitation in next 30 days
EPSS score — higher than 84% of all CVEs
!
CISA KEV: actively exploited in the wild
On the Known Exploited Vulnerabilities catalog — federal agencies must patch
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10
High
NETWORK
/ LOW complexity
Affected Vendors
References (11)
Third Party Advisory
http://www.securityfocus.com/bid/103569
Third Party Advisory
http://www.securitytracker.com/id/1040596
Third Party Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-18-107-04
Third Party Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-18-107-05
Third Party Advisory
http://www.securityfocus.com/bid/103569
Third Party Advisory
http://www.securitytracker.com/id/1040596
Third Party Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-18-107-04
Third Party Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-18-107-05
US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-...
56
/ 100
high-risk
Severity
26/34 · High
Exploitability
20/34 · Moderate
Exposure
10/34 · Low