Vulnerability Description
A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper validation of packet data. An attacker could exploit this vulnerability by sending a crafted packet to an affected device on TCP port 4786. Only Smart Install client switches are affected. Cisco devices that are configured as a Smart Install director are not affected by this vulnerability. Cisco Bug IDs: CSCvd40673.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | IOS | 15.2(2)e4 |
| Cisco | Catalyst 2960-Plus 24Lc-L | - |
| Cisco | Catalyst 2960-Plus 24Lc-S | - |
| Cisco | Catalyst 2960-Plus 24Pc-L | - |
| Cisco | Catalyst 2960-Plus 24Pc-S | - |
| Cisco | Catalyst 2960-Plus 24Tc-L | - |
| Cisco | Catalyst 2960-Plus 24Tc-S | - |
| Cisco | Catalyst 2960-Plus 48Pst-L | - |
| Cisco | Catalyst 2960-Plus 48Pst-S | - |
| Cisco | Catalyst 2960-Plus 48Tc-L | - |
| Cisco | Catalyst 2960-Plus 48Tc-S | - |
| Cisco | Catalyst 2960C-12Pc-L | - |
| Cisco | Catalyst 2960C-8Pc-L | - |
| Cisco | Catalyst 2960C-8Tc-L | - |
| Cisco | Catalyst 2960C-8Tc-S | - |
| Cisco | Catalyst 2960Cg-8Tc-L | - |
| Cisco | Catalyst 2960Cpd-8Pt-L | - |
| Cisco | Catalyst 2960Cpd-8Tt-L | - |
| Cisco | Catalyst 2960S-24Pd-L | - |
| Cisco | Catalyst 2960S-24Ps-L | - |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/103569 (Third Party Advisory, VDB Entry)
- http://www.securitytracker.com/id/1040596 (Third Party Advisory, VDB Entry)
- https://ics-cert.us-cert.gov/advisories/ICSA-18-107-04 (Third Party Advisory, US Government Resource)
- https://ics-cert.us-cert.gov/advisories/ICSA-18-107-05 (Third Party Advisory, US Government Resource)
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2 (Vendor Advisory)
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018- (US Government Resource)
FAQ
What is CVE-2018-0156?
CVE-2018-0156 is a vulnerability with a CVSS score of 7.5 (HIGH). A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a d...
How severe is CVE-2018-0156?
CVE-2018-0156 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-0156?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco IOS, Cisco Catalyst 2960-Plus 24Lc-L, Cisco Catalyst 2960-Plus 24Lc-S, Cisco Catalyst 2960-Plus 24Pc-L, Cisco Catalyst 2960-Plus 24Pc-S.