CVE-2018-15377

HIGH

Cisco IOS Software/Cisco IOS XE Software - Memory Leak

Title source: llm

Description

A vulnerability in the Cisco Network Plug and Play agent, also referred to as the Cisco Open Plug-n-Play agent, of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak on an affected device. The vulnerability is due to insufficient input validation by the affected software. An attacker could exploit this vulnerability by sending invalid data to the Cisco Network Plug and Play agent on an affected device. A successful exploit could allow the attacker to cause a memory leak on the affected device, which could cause the device to reload.

References (2)

[Third Party Advisory, US Government Resource] https://ics-cert.us-cert.gov/advisories/ICSA-19-094-02

[Vendor Advisory] https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-pnp-memleak

Scores

CVSS v3 8.6

EPSS 0.0058

EPSS Percentile 68.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Classification

CWE

CWE-401 CWE-400

Status published

Affected Products (3)

cisco/ios

Timeline

Published Oct 05, 2018

Tracked Since Feb 18, 2026