Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.4
CVSSv3

CVE-2018-0475

Published: 05/10/2018 Updated: 09/10/2019
CVSS v2 Base Score: 6.1 | Impact Score: 6.9 | Exploitability Score: 6.5
CVSS v3 Base Score: 7.4 | Impact Score: 4 | Exploitability Score: 2.8
VMScore: 543
Vector: AV:A/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Summary

A vulnerability in the implementation of the cluster feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent malicious user to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation when handling Cluster Management Protocol (CMP) messages. An attacker could exploit this vulnerability by sending a malicious CMP message to an affected device. A successful exploit could allow the malicious user to cause the switch to crash and reload or to hang, resulting in a DoS condition. If the switch hangs it will not reboot automatically, and it will need to be power cycled manually to recover.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

cisco ios 15.0\\(2.0.0\\)

cisco ios xe 15.0\\(2.0.0\\)

Vendor Advisories

Cisco: Cisco IOS and IOS XE Software Cluster Management Protocol Denial of Service Vulnerability
A vulnerability in the implementation of the cluster feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an affected device The vulnerability is due to improper input validation when handling Cluster Management Protocol (CMP) messages An attack ...

References

CWE-20https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-cmphttp://www.securitytracker.com/id/1041737http://www.securityfocus.com/bid/105404https://nvd.nist.govhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-cmp
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
privilege escalationCVE-2024-20696CVE-2024-29829CVE-2024-33999CVE-2024-35646physicalCVE-2024-24919CVE-2024-31030local users
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook