CVE-2018-0159
HIGH KEVCisco Ios - Improper Input Validation
Title source: ruleDescription
A vulnerability in the implementation of Internet Key Exchange Version 1 (IKEv1) functionality in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to improper validation of specific IKEv1 packets. An attacker could exploit this vulnerability by sending crafted IKEv1 packets to an affected device during an IKE negotiation. A successful exploit could allow the attacker to cause an affected device to reload, resulting in a DoS condition. Cisco Bug IDs: CSCuj73916.
References (4)
Scores
CVSS v3
7.5
EPSS
0.0697
EPSS Percentile
91.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CISA KEV
2022-03-03
VulnCheck KEV
2022-03-03
InTheWild.io
2022-03-03
ENISA EUVD
EUVD-2018-0982
CWE
CWE-20
Status
published
Products (2)
cisco/ios
15.3\(3\)s
cisco/ios_xe
15.3\(3\)s
Published
Mar 28, 2018
KEV Added
Mar 03, 2022
Tracked Since
Feb 18, 2026