CVE-2018-0182 — HIGH (7.8) — White Hats Nepal

Q: How severe is CVE-2018-0182?

CVE-2018-0182 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2018-0182?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Ios Xe.

Vulnerability Description

Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to inject arbitrary commands into the CLI of the affected software, which could allow the attacker to gain access to the underlying Linux shell of an affected device and execute commands with root privileges on the device. The vulnerabilities exist because the affected software does not sufficiently sanitize command arguments before passing commands to the Linux shell for execution. An attacker could exploit these vulnerabilities by submitting a malicious CLI command to the affected software. A successful exploit could allow the attacker to break from the CLI of the affected software, which could allow the attacker to gain access to the underlying Linux shell on an affected device and execute arbitrary commands with root privileges on the device. Cisco Bug IDs: CSCuz03145, CSCuz56419, CSCva31971, CSCvb09542.

CVSS Score

7.8

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Cisco	Ios Xe	< 16.3.1

Related Weaknesses (CWE)

CWE-78

References

http://www.securityfocus.com/bid/103547Third Party AdvisoryVDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
http://www.securityfocus.com/bid/103547Third Party AdvisoryVDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory

FAQ

What is CVE-2018-0182?

CVE-2018-0182 is a vulnerability with a CVSS score of 7.8 (HIGH). Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to inject arbitrary commands into the CLI of the affected software, which could allow t...

How severe is CVE-2018-0182?

CVE-2018-0182 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-0182?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Ios Xe.