CVE-2018-0472 : A vulnerability in the IPsec driver code of multiple Cisco IOS XE Software platf

A vulnerability in the IPsec driver code of multiple Cisco IOS XE Software platforms and the Cisco ASA 5500-X Series Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerability is due to improper processing of malformed IPsec Authentication Header (AH) or Encapsulating Security Payload (ESP) packets. An attacker could exploit this vulnerability by sending malformed IPsec packets to be processed by an affected device. An exploit could allow the attacker to cause a reload of the affected device.

Published 2018-10-05 14:29:05

Updated 2019-04-15 12:31:09

Source Cisco Systems, Inc.

View at NVD, CVE.org

Vulnerability category: Input validation

Products affected by CVE-2018-0472

Cisco » Ios Xe » Version: 16.8.1
cpe:2.3:o:cisco:ios_xe:16.8.1:*:*:*:*:*:*:*
Matching versions
Cisco » Ios Xe » Version: 15.5(3)s5.36
cpe:2.3:o:cisco:ios_xe:15.5\(3\)s5.36:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2018-0472

EPSS FAQ

15.64%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 94 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2018-0472

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.8	HIGH	AV:N/AC:L/Au:N/C:N/I:N/A:C	10.0	6.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Complete
8.6	HIGH	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H	3.9	4.0	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Changed Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2018-0472

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Assigned by:
- nvd@nist.gov (Primary)
- ykramarz@cisco.com (Secondary)

References for CVE-2018-0472

http://www.securityfocus.com/bid/105418

Multiple Cisco Products CVE-2018-0472 Denial Of Service Vulnerability
Third Party Advisory;VDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-ipsec

Cisco IOS XE Software and Cisco ASA 5500-X Series Adaptive Security Appliance IPsec Denial of Service Vulnerability
Vendor Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-19-094-04

Rockwell Automation Stratix 5950 | CISA
http://www.securitytracker.com/id/1041735

Cisco ASA 5500-X Series IPsec Driver Bug Lets Remote Users Cause the Target System to Crash - SecurityTracker
Third Party Advisory;VDB Entry
http://www.securitytracker.com/id/1041737

Cisco IOS/IOS XE Multiple Flaws Let Remote Users Cause the Target Device to Hang or Reload and Local Users Gain Elevated Privileges - SecurityTracker
Third Party Advisory;VDB Entry

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2018-0472

Products affected by CVE-2018-0472

Exploit prediction scoring system (EPSS) score for CVE-2018-0472

CVSS scores for CVE-2018-0472

CWE ids for CVE-2018-0472

References for CVE-2018-0472