CVE-2018-0159
moderate-risk
Published 2018-03-28
A vulnerability in the implementation of Internet Key Exchange Version 1 (IKEv1) functionality in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to improper validation of specific IKEv1 packets. An attacker could exploit this vulnerability by sending crafted IKEv1 packets to an affected device during an IKE negotiation. A successful exploit could allow the attacker to cause an affected device to reload, resulting in a DoS condition. Cisco Bug IDs: CSCuj73916.
Do I need to act?
~
7.0% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
!
CISA KEV: actively exploited in the wild
On the Known Exploited Vulnerabilities catalog — federal agencies must patch
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10
High
NETWORK
/ LOW complexity
Affected Vendors
References (7)
Broken Link
http://www.securityfocus.com/bid/103562
Broken Link
http://www.securitytracker.com/id/1040595
Broken Link
http://www.securityfocus.com/bid/103562
Broken Link
http://www.securitytracker.com/id/1040595
US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-...
49
/ 100
moderate-risk
Severity
26/34 · High
Exploitability
16/34 · Moderate
Exposure
7/34 · Low