CVE-2018-0180

moderate-risk
Published 2018-03-28

Multiple vulnerabilities in the Login Enhancements (Login Block) feature of Cisco IOS Software could allow an unauthenticated, remote attacker to trigger a reload of an affected system, resulting in a denial of service (DoS) condition. These vulnerabilities affect Cisco devices that are running Cisco IOS Software Release 15.4(2)T, 15.4(3)M, or 15.4(2)CG and later. Cisco Bug IDs: CSCuy32360, CSCuz60599.

Do I need to act?

~
1.7% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
!
CISA KEV: actively exploited in the wild
On the Known Exploited Vulnerabilities catalog — federal agencies must patch
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.9/10 Medium
NETWORK / HIGH complexity

Affected Products (7)

Ios
Ios
Ios
Ios
Ios
Ios
Ios

Affected Vendors

Cisco

References (5)

Broken Link http://www.securityfocus.com/bid/103556
Mitigation https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2...
Broken Link http://www.securityfocus.com/bid/103556
Mitigation https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2...
US Government Resource https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-...
44
/ 100
moderate-risk
Severity 18/34 · Moderate
Exploitability 12/34 · Low
Exposure 14/34 · Moderate