Vulnerability Description
A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak or a reload of an affected device that leads to a denial of service (DoS) condition. The vulnerability is due to incorrect processing of certain IKEv2 packets. An attacker could exploit this vulnerability by sending crafted IKEv2 packets to an affected device to be processed. A successful exploit could cause an affected device to continuously consume memory and eventually reload, resulting in a DoS condition. Cisco Bug IDs: CSCvf22394.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Ios | 15.5\(3\)s1.1 |
| Cisco | Asr 1001-Hx | - |
| Cisco | Asr 1001-X | - |
| Cisco | Asr 1002-Hx | - |
| Cisco | Asr 1002-X | - |
| Cisco | Asr 1004 | - |
| Cisco | Asr 1006 | - |
| Cisco | Asr 1006-X | - |
| Cisco | Asr 1009-X | - |
| Cisco | Asr 1013 | - |
| Cisco | Ios Xe | 15.5\(3\)s1.1 |
| Rockwellautomation | Allen-Bradley Stratix 5900 | - |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/103566Broken LinkThird Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1040595Broken LinkThird Party AdvisoryVDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSA-18-107-03Third Party AdvisoryUS Government ResourceVDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSA-18-107-04Third Party AdvisoryUS Government ResourceVDB Entry
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
- http://www.securityfocus.com/bid/103566Broken LinkThird Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1040595Broken LinkThird Party AdvisoryVDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSA-18-107-03Third Party AdvisoryUS Government ResourceVDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSA-18-107-04Third Party AdvisoryUS Government ResourceVDB Entry
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-US Government Resource
FAQ
What is CVE-2018-0158?
CVE-2018-0158 is a vulnerability with a CVSS score of 8.6 (HIGH). A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak or a reload...
How severe is CVE-2018-0158?
CVE-2018-0158 has been rated HIGH with a CVSS base score of 8.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-0158?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Ios, Cisco Asr 1001-Hx, Cisco Asr 1001-X, Cisco Asr 1002-Hx, Cisco Asr 1002-X.