Vulnerability Details : CVE-2018-0154
A vulnerability in the crypto engine of the Cisco Integrated Services Module for VPN (ISM-VPN) running Cisco IOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient handling of VPN traffic by the affected device. An attacker could exploit this vulnerability by sending crafted VPN traffic to an affected device. A successful exploit could allow the attacker to cause the affected device to hang or crash, resulting in a DoS condition. Cisco Bug IDs: CSCvd39267.
Vulnerability category: Denial of service
Products affected by CVE-2018-0154
- cpe:2.3:o:cisco:ios:-:*:*:*:*:*:*:*
Max 200 conditions are displayed on this page, to prevent potential performance issues,
please refer to NVD for more details.
CVE-2018-0154 is in the CISA Known Exploited Vulnerabilities Catalog
CISA vulnerability name:
Cisco IOS Software Integrated Services Module for VPN Denial-of-Service Vulnerability
CISA required action:
Apply updates per vendor instructions.
CISA description:
A vulnerability in the crypto engine of the Cisco Integrated Services Module for VPN (ISM-VPN) running Cisco IOS Software could allow an unauthenticated, remote attacker to cause a denial-of-service (DoS) condition.
Notes:
https://nvd.nist.gov/vuln/detail/CVE-2018-0154
Added on
2022-03-03
Action due date
2022-03-17
Exploit prediction scoring system (EPSS) score for CVE-2018-0154
1.95%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 88 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-0154
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.8
|
HIGH | AV:N/AC:L/Au:N/C:N/I:N/A:C |
10.0
|
6.9
|
NIST | |
7.5
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
3.9
|
3.6
|
NIST | |
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
3.9
|
3.6
|
NIST | 2024-07-16 |
CWE ids for CVE-2018-0154
-
Assigned by: ykramarz@cisco.com (Secondary)
References for CVE-2018-0154
-
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-dos
Cisco IOS Software Integrated Services Module for VPN Denial of Service VulnerabilityVendor Advisory
-
http://www.securityfocus.com/bid/103559
Cisco IOS Software Integrated Services Module for VPN CVE-2018-0154 Denial of Service VulnerabilityBroken Link;Third Party Advisory;VDB Entry
-
http://www.securitytracker.com/id/1040585
Cisco IOS Integrated Services Module for VPN Unspecified Processing Flaw Lets Remote Users Cause the Target System to Crash - SecurityTrackerBroken Link;Third Party Advisory;VDB Entry
Jump to