CVE-2018-0180
MEDIUM KEV
Cisco IOS 15.4(2)T and later - Unauthenticated Denial of Service via Login Enhancements Feature
Title source: llm
Exploitation Summary
CVE-2018-0180 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added March 3, 2022.
Description
Multiple vulnerabilities in the Login Enhancements (Login Block) feature of Cisco IOS Software could allow an unauthenticated, remote attacker to trigger a reload of an affected system, resulting in a denial of service (DoS) condition. These vulnerabilities affect Cisco devices that are running Cisco IOS Software Release 15.4(2)T, 15.4(3)M, or 15.4(2)CG and later. Cisco Bug IDs: CSCuy32360, CSCuz60599.
References (3)
Core 3
Core References
US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-0180
Mitigation, Vendor Advisory x_refsource_confirm
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-slogin
Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/103556
Scores
CVSS v3: 5.9
EPSS: 0.0173
EPSS Percentile: 82.9%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation: active
Automatable: no
Technical Impact: partial
Details
CISA KEV: 2022-03-03
VulnCheck KEV: 2022-03-03
InTheWild.io: 2022-03-03
ENISA EUVD: EUVD-2018-1003
CWE: CWE-399
Status: published
Products (7)
cisco/ios 15.3\(00.00.19\)sy
cisco/ios 15.4\(01\)ia001.100
cisco/ios 15.6\(01.22\)t
cisco/ios 15.4\(03\)m4.1
cisco/ios 15.4\(2\)cg
cisco/ios 15.4\(2\)t
cisco/ios 15.4\(3\)m
Published: Mar 28, 2018
KEV Added: Mar 03, 2022
Tracked Since: Feb 18, 2026