CVE-2018-0315
Summary
| CVE | CVE-2018-0315 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-06-07 12:29:00 UTC |
| Updated | 2023-01-24 16:10:00 UTC |
| Description | A vulnerability in the authentication, authorization, and accounting (AAA) security services of Cisco IOS XE Software could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device or cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to incorrect memory operations that the affected software performs when the software parses a username during login authentication. An attacker could exploit this vulnerability by attempting to authenticate to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the affected device or cause the affected device to reload, resulting in a DoS condition. This vulnerability affects Cisco devices that are running Cisco IOS XE Software Release Fuji 16.7.1 or Fuji 16.8.1 and are configured to use AAA for login authentication. Cisco Bug IDs: CSCvi25380. |
Risk And Classification
Problem Types: CWE-119
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Cisco | 4221 Integrated Services Router | - | All | All | All |
| Hardware | Cisco | 4221 Integrated Services Router | - | All | All | All |
| Hardware | Cisco | 4321 Integrated Services Router | - | All | All | All |
| Hardware | Cisco | 4321 Integrated Services Router | - | All | All | All |
| Hardware | Cisco | 4331 Integrated Services Router | - | All | All | All |
| Hardware | Cisco | 4331 Integrated Services Router | - | All | All | All |
| Hardware | Cisco | 4351 Integrated Services Router | - | All | All | All |
| Hardware | Cisco | 4351 Integrated Services Router | - | All | All | All |
| Hardware | Cisco | 4431 Integrated Services Router | - | All | All | All |
| Hardware | Cisco | 4431 Integrated Services Router | - | All | All | All |
| Hardware | Cisco | 4451-x Integrated Services Router | - | All | All | All |
| Hardware | Cisco | 4451-x Integrated Services Router | - | All | All | All |
| Hardware | Cisco | Asr 1000 Series Route Processor Rp2 | - | All | All | All |
| Hardware | Cisco | Asr 1000 Series Route Processor Rp3 | - | All | All | All |
| Hardware | Cisco | Asr 1000 Series Route Processor Rp2 | - | All | All | All |
| Hardware | Cisco | Asr 1000 Series Route Processor Rp2 | - | All | All | All |
| Hardware | Cisco | Asr 1000 Series Route Processor Rp3 | - | All | All | All |
| Hardware | Cisco | Asr 1000 Series Route Processor Rp3 | - | All | All | All |
| Hardware | Cisco | Asr 1001-hx | - | All | All | All |
| Hardware | Cisco | Asr 1001-hx Router | - | All | All | All |
| Hardware | Cisco | Asr 1001-hx Router | - | All | All | All |
| Hardware | Cisco | Asr 1001-x | - | All | All | All |
| Hardware | Cisco | Asr 1001-x Router | - | All | All | All |
| Hardware | Cisco | Asr 1001-x Router | - | All | All | All |
| Hardware | Cisco | Asr 1002-hx | - | All | All | All |
| Hardware | Cisco | Asr 1002-hx Router | - | All | All | All |
| Hardware | Cisco | Asr 1002-hx Router | - | All | All | All |
| Hardware | Cisco | Asr 1002-x | - | All | All | All |
| Hardware | Cisco | Asr 1002-x Router | - | All | All | All |
| Hardware | Cisco | Asr 1002-x Router | - | All | All | All |
| Hardware | Cisco | Asr 900 Route Switch Processor 2 Rsp2 | - | All | All | All |
| Hardware | Cisco | Asr 900 Route Switch Processor 2 Rsp2 | - | All | All | All |
| Hardware | Cisco | Asr 900 Route Switch Processor 2 Rsp2 | - | All | All | All |
| Hardware | Cisco | Asr 900 Route Switch Processor 3 Rsp3 | - | All | All | All |
| Hardware | Cisco | Asr 900 Route Switch Processor 3 Rsp3 | - | All | All | All |
| Hardware | Cisco | Asr 900 Route Switch Processor 3 Rsp3 | - | All | All | All |
| Hardware | Cisco | Asr 920-10sz-pd Router | - | All | All | All |
| Hardware | Cisco | Asr 920-10sz-pd Router | - | All | All | All |
| Hardware | Cisco | Asr 920-12cz-a Router | - | All | All | All |
| Hardware | Cisco | Asr 920-12cz-a Router | - | All | All | All |
| Hardware | Cisco | Asr 920-12cz-d Router | - | All | All | All |
| Hardware | Cisco | Asr 920-12cz-d Router | - | All | All | All |
| Hardware | Cisco | Asr 920-12sz-im Router | - | All | All | All |
| Hardware | Cisco | Asr 920-12sz-im Router | - | All | All | All |
| Hardware | Cisco | Asr 920-24sz-im Router | - | All | All | All |
| Hardware | Cisco | Asr 920-24sz-im Router | - | All | All | All |
| Hardware | Cisco | Asr 920-24sz-m Router | - | All | All | All |
| Hardware | Cisco | Asr 920-24sz-m Router | - | All | All | All |
| Hardware | Cisco | Asr 920-24tz-m Router | - | All | All | All |
| Hardware | Cisco | Asr 920-24tz-m Router | - | All | All | All |
| Hardware | Cisco | Asr 920-4sz-a Router | - | All | All | All |
| Hardware | Cisco | Asr 920-4sz-a Router | - | All | All | All |
| Hardware | Cisco | Asr 920-4sz-d Router | - | All | All | All |
| Hardware | Cisco | Asr 920-4sz-d Router | - | All | All | All |
| Hardware | Cisco | Cbr-8 Converged Broadband Router | - | All | All | All |
| Hardware | Cisco | Cbr-8 Converged Broadband Router | - | All | All | All |
| Hardware | Cisco | Cloud Services Router 1000v | - | All | All | All |
| Hardware | Cisco | Cloud Services Router 1000v | - | All | All | All |
| Hardware | Cisco | Ios | - | All | All | All |
| Hardware | Cisco | Ios | - | All | All | All |
| Operating System | Cisco | Ios Xe | 16.7.1 | All | All | All |
| Operating System | Cisco | Ios Xe | 16.8.1 | All | All | All |
| Operating System | Cisco | Ios Xe | fuji-16.7.1 | All | All | All |
| Operating System | Cisco | Ios Xe | fuji-16.8.1 | All | All | All |
| Operating System | Cisco | Ios Xe | fuji-16.8.1a | All | All | All |
| Operating System | Cisco | Ios Xe | 16.8.1 | All | All | All |
| Operating System | Cisco | Ios Xe | fuji-16.7.1 | All | All | All |
| Operating System | Cisco | Ios Xe | fuji-16.8.1 | All | All | All |
| Operating System | Cisco | Ios Xe | fuji-16.8.1a | All | All | All |
| Hardware | Cisco | Ncs 4201 | - | All | All | All |
| Hardware | Cisco | Ncs 4201 | - | All | All | All |
| Hardware | Cisco | Ncs 4202 | - | All | All | All |
| Hardware | Cisco | Ncs 4202 | - | All | All | All |
| Hardware | Cisco | Ncs 4206 | - | All | All | All |
| Hardware | Cisco | Ncs 4206 | - | All | All | All |
| Hardware | Cisco | Ncs 4216 | - | All | All | All |
| Hardware | Cisco | Ncs 4216 | - | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Cisco IOS XE Software Authentication, Authorization, and Accounting Login Authentication Remote Code Execution Vulnerability | CONFIRM | tools.cisco.com | Vendor Advisory |
| Cisco IOS XE AAA Bug Lets Remote Users Execute Arbitrary Code on the Target System - SecurityTracker | SECTRACK | www.securitytracker.com | Third Party Advisory, VDB Entry |
| Cisco IOS XE Software CVE-2018-0315 Remote Code Execution Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.