CVE-2018-0180 — MEDIUM (5.9)

Vulnerability Description

Multiple vulnerabilities in the Login Enhancements (Login Block) feature of Cisco IOS Software could allow an unauthenticated, remote attacker to trigger a reload of an affected system, resulting in a denial of service (DoS) condition. These vulnerabilities affect Cisco devices that are running Cisco IOS Software Release 15.4(2)T, 15.4(3)M, or 15.4(2)CG and later. Cisco Bug IDs: CSCuy32360, CSCuz60599.

CVSS Score

5.9

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Cisco	Ios	15.3\(00.00.19\)sy
Cisco	3925 Integrated Services Router	-
Cisco	3925E Integrated Services Router	-
Cisco	3945 Integrated Services Router	-
Cisco	3945E Integrated Services Router	-
Cisco	1000 Integrated Services Router	-
Cisco	1100-4G\/6G Integrated Services Router	-
Cisco	1100-4G Integrated Services Router	-
Cisco	1100-4Gltegb Integrated Services Router	-
Cisco	1100-4Gltena Integrated Services Router	-
Cisco	1100-4P Integrated Services Router	-
Cisco	1100-6G Integrated Services Router	-
Cisco	1100-8P Integrated Services Router	-
Cisco	1100-Lte Integrated Services Router	-
Cisco	1100 Integrated Services Router	-
Cisco	1101-4P Integrated Services Router	-
Cisco	1101 Integrated Services Router	-
Cisco	1109-2P Integrated Services Router	-
Cisco	1109-4P Integrated Services Router	-
Cisco	1109 Integrated Services Router	-

Related Weaknesses (CWE)

CWE-399

References

http://www.securityfocus.com/bid/103556Broken LinkThird Party AdvisoryVDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2MitigationVendor Advisory
http://www.securityfocus.com/bid/103556Broken LinkThird Party AdvisoryVDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2MitigationVendor Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-US Government Resource

FAQ

What is CVE-2018-0180?

CVE-2018-0180 is a vulnerability with a CVSS score of 5.9 (MEDIUM). Multiple vulnerabilities in the Login Enhancements (Login Block) feature of Cisco IOS Software could allow an unauthenticated, remote attacker to trigger a reload of an affected system, resulting in a...

How severe is CVE-2018-0180?

CVE-2018-0180 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-0180?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Ios, Cisco 3925 Integrated Services Router, Cisco 3925E Integrated Services Router, Cisco 3945 Integrated Services Router, Cisco 3945E Integrated Services Router.