CVE-2018-0472
Summary
| CVE | CVE-2018-0472 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-10-05 14:29:00 UTC |
| Updated | 2019-04-15 12:31:00 UTC |
| Description | A vulnerability in the IPsec driver code of multiple Cisco IOS XE Software platforms and the Cisco ASA 5500-X Series Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerability is due to improper processing of malformed IPsec Authentication Header (AH) or Encapsulating Security Payload (ESP) packets. An attacker could exploit this vulnerability by sending malformed IPsec packets to be processed by an affected device. An exploit could allow the attacker to cause a reload of the affected device. |
Risk And Classification
Problem Types: CWE-20
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Cisco | Ios Xe | 15.5(3)s5.36 | All | All | All |
| Operating System | Cisco | Ios Xe | 15.5\(3\)s5.36 | All | All | All |
| Operating System | Cisco | Ios Xe | 16.8.1 | All | All | All |
| Operating System | Cisco | Ios Xe | 15.5\(3\)s5.36 | All | All | All |
| Operating System | Cisco | Ios Xe | 16.8.1 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Multiple Cisco Products CVE-2018-0472 Denial Of Service Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| Cisco ASA 5500-X Series IPsec Driver Bug Lets Remote Users Cause the Target System to Crash - SecurityTracker | SECTRACK | www.securitytracker.com | Third Party Advisory, VDB Entry |
| Cisco IOS XE Software and Cisco ASA 5500-X Series Adaptive Security Appliance IPsec Denial of Service Vulnerability | CISCO | tools.cisco.com | Vendor Advisory |
| Rockwell Automation Stratix 5950 | CISA | MISC | ics-cert.us-cert.gov | |
| Cisco IOS/IOS XE Multiple Flaws Let Remote Users Cause the Target Device to Hang or Reload and Local Users Gain Elevated Privileges - SecurityTracker | SECTRACK | www.securitytracker.com | Third Party Advisory, VDB Entry |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.