Vulnerability Description
A vulnerability in specific CLI commands for the Cisco Identity Services Engine could allow an authenticated, local attacker to cause a denial of service (DoS) condition. The device may need to be manually rebooted to recover. The vulnerability is due to lack of proper input validation of the CLI user input for certain CLI commands. An attacker could exploit this vulnerability by authenticating to the device and issuing a crafted, malicious CLI command on the targeted device. A successful exploit could allow the attacker to cause a DoS condition. The attacker must have valid administrative privileges on the device to exploit this vulnerability. Cisco Bug IDs: CSCvf63414, CSCvh51992.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Identity Services Engine | 2.1\(0.474\) |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/103334Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1040471Third Party AdvisoryVDB Entry
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
- http://www.securityfocus.com/bid/103334Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1040471Third Party AdvisoryVDB Entry
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
FAQ
What is CVE-2018-0211?
CVE-2018-0211 is a vulnerability with a CVSS score of 4.4 (MEDIUM). A vulnerability in specific CLI commands for the Cisco Identity Services Engine could allow an authenticated, local attacker to cause a denial of service (DoS) condition. The device may need to be man...
How severe is CVE-2018-0211?
CVE-2018-0211 has been rated MEDIUM with a CVSS base score of 4.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-0211?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Identity Services Engine.