Vulnerability Description
A vulnerability in the Cisco Network Plug and Play agent, also referred to as the Cisco Open Plug-n-Play agent, of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak on an affected device. The vulnerability is due to insufficient input validation by the affected software. An attacker could exploit this vulnerability by sending invalid data to the Cisco Network Plug and Play agent on an affected device. A successful exploit could allow the attacker to cause a memory leak on the affected device, which could cause the device to reload.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Ios | 15.7\(3.1s\)m |
Related Weaknesses (CWE)
References
- https://ics-cert.us-cert.gov/advisories/ICSA-19-094-02Third Party AdvisoryUS Government Resource
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
- https://ics-cert.us-cert.gov/advisories/ICSA-19-094-02Third Party AdvisoryUS Government Resource
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
FAQ
What is CVE-2018-15377?
CVE-2018-15377 is a vulnerability with a CVSS score of 8.6 (HIGH). A vulnerability in the Cisco Network Plug and Play agent, also referred to as the Cisco Open Plug-n-Play agent, of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote a...
How severe is CVE-2018-15377?
CVE-2018-15377 has been rated HIGH with a CVSS base score of 8.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-15377?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Ios.