CVE-2018-0088

MEDIUM

Cisco Industrial Ethernet 4010 Series... - Incorrect Permission Assignment

Title source: rule

Description

A vulnerability in one of the diagnostic test CLI commands on Cisco Industrial Ethernet 4010 Series Switches running Cisco IOS Software could allow an authenticated, local attacker to impact the stability of the device. This could result in arbitrary code execution or a denial of service (DoS) condition. The attacker has to have valid user credentials at privilege level 15. The vulnerability is due to a diagnostic test CLI command that allows the attacker to write to the device memory. An attacker could exploit this vulnerability by authenticating to the targeted device and issuing a specific diagnostic test command at the CLI. An exploit could allow the attacker to overwrite system memory locations, which could have a negative impact on the stability of the device. Cisco Bug IDs: CSCvf71150.

References (2)

Core 2

Core References

Vendor Advisory x_refsource_confirm

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-iess

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1040240

Scores

CVSS v3 6.7

EPSS 0.0007

EPSS Percentile 20.7%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-399 CWE-732

Status published

Products (1)

cisco/industrial_ethernet_4010_series_firmware

Published Jan 18, 2018

Tracked Since Feb 18, 2026