CVE-2018-0158
high-risk
Published 2018-03-28
A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak or a reload of an affected device that leads to a denial of service (DoS) condition. The vulnerability is due to incorrect processing of certain IKEv2 packets. An attacker could exploit this vulnerability by sending crafted IKEv2 packets to an affected device to be processed. A successful exploit could cause an affected device to continuously consume memory and eventually reload, resulting in a DoS condition. Cisco Bug IDs: CSCvf22394.
Do I need to act?
14.6% chance of exploitation in next 30 days
EPSS score — higher than 85% of all CVEs
CISA KEV: actively exploited in the wild
On the Known Exploited Vulnerabilities catalog — federal agencies must patch
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 8.6/10 · High · NETWORK / LOW complexity
Affected Products (20)
Affected Vendors
References (11)
Broken Link
http://www.securityfocus.com/bid/103566
Broken Link
http://www.securitytracker.com/id/1040595
Third Party Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-18-107-03
Third Party Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-18-107-04
US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-...
68 / 100 · high-risk
Severity: 29/34 · Critical
Exploitability: 19/34 · Moderate
Exposure: 20/34 · Moderate