Cisco March 2018 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication addressed 22 vulnerabilities, 3 of them rated as critical and 19 as high.
Let’s give a close look at the critical vulnerabilities.
The first issue. tracked as CVE-2018-0151, is an IOS and IOS XE Software Quality of Service Remote Code Execution Vulnerability.
“A vulnerability in the quality of service (QoS) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges.” reads the advisory published by Cisco.
“The vulnerability is due to incorrect bounds checking of certain values in packets that are destined for UDP port 18999 of an affected device. An attacker could exploit this vulnerability by sending malicious packets to an affected device”
The second vulnerability tracked as CVE-2018-0171 affects the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software, it could be exploited by an unauthenticated, remote attacker to cause a reload of a vulnerable device or to execute arbitrary code on an affected device.
“The vulnerability is due to improper validation of packet data. An attacker could exploit this vulnerability by sending a crafted Smart Install message to an affected device on TCP port 4786.” reads the security advisory published by Cisco.
“A successful exploit could allow the attacker to cause a buffer overflow on the affected device, which could have the following impacts:
The third flaw affects the Cisco IOS XE Software is due to an undocumented user account “with privilege level 15” hat has a default username and password.
The issue tracked as CVE-2018-0150 could be exploited by an unauthenticated, remote attacker to log in to a device running an affected release of Cisco IOS XE Software with the default credentials.
“A vulnerability in Cisco IOS XE Software could allow an unauthenticated, remote attacker to log in to a device running an affected release of Cisco IOS XE Software with the default username and password that are used at initial boot.” reads the security advisory published by Cisco.
“The vulnerability is due to an undocumented user account with privilege level 15 that has a default username and password. An attacker could exploit this vulnerability by using this account to remotely connect to an affected device. A successful exploit could allow the attacker to log in to the device with privilege level 15 access.”
[adrotate banner=”9″] | [adrotate banner=”12″] |
(Security Affairs – CISCO IOS XE, hacking)
[adrotate banner=”5″]
[adrotate banner=”13″]
James Comey is under investigation for a seashell photo showing “8647,” seen by some as…
Pwn2Own Berlin 2025 wrapped up with $383,750 awarded on the final day, pushing the total…
Security Affairs Malware newsletter includes a collection of the best articles and research on malware…
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles…
Chinese "kill switches" found in Chinese-made power inverters in US solar farm equipment that could…
FBI warns ex-officials are targeted with deepfake texts and AI voice messages impersonating senior U.S.…
This website uses cookies.