Cyber Resilience

CVE-2018-0151

CriticalCISA KEVActive ExploitationEUVD Exploited

Published: 28 March 2018

Published
28 March 2018
Modified
12 January 2026
KEV Added
03 March 2022
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0585 90.8th percentile
Risk Priority 43 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2018-0151 is a critical-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Cisco Ios Xe. Its CVSS base score is 9.8 (Critical).

Operationally, ranked in the top 9.2% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-7 (Boundary Protection) and SI-10 (Information Input Validation).

Deeper analysis

A vulnerability exists in the quality of service (QoS) subsystem of Cisco IOS Software and Cisco IOS XE Software, tracked as Cisco Bug ID CSCvf73881. It stems from incorrect bounds checking on values in packets sent to UDP port 18999, which can trigger a buffer overflow condition (CWE-119) when the packets are processed by an affected device. The issue does not affect transit traffic. It carries a CVSS 3.1 score of 9.8.

An unauthenticated remote attacker can exploit the flaw by sending crafted packets to an exposed device. Successful exploitation may permit arbitrary code execution with elevated privileges or force a device reload, resulting in a temporary denial of service.

The referenced Cisco Security Advisory cisco-sa-20180328-qos, along with related notices from ICS-CERT and security trackers, provides mitigation guidance and patch availability for affected releases. No information on observed in-the-wild exploitation is supplied in the source data.

EU & UK References

Vulnerability details

A vulnerability in the quality of service (QoS) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges. The…

more

vulnerability is due to incorrect bounds checking of certain values in packets that are destined for UDP port 18999 of an affected device. An attacker could exploit this vulnerability by sending malicious packets to an affected device. When the packets are processed, an exploitable buffer overflow condition may occur. A successful exploit could allow the attacker to execute arbitrary code on the affected device with elevated privileges. The attacker could also leverage this vulnerability to cause the device to reload, causing a temporary DoS condition while the device is reloading. The malicious packets must be destined to and processed by an affected device. Traffic transiting a device will not trigger the vulnerability. Cisco Bug IDs: CSCvf73881.

CWE(s)
KEV Date Added
03 March 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

cisco
ios xe
16.5.1, all versions

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires validation of all input (including packet fields to UDP 18999) to enforce proper bounds checking and eliminate the buffer overflow root cause.

prevent

Enforces boundary protection and traffic filtering so that crafted packets never reach the vulnerable QoS UDP listener on the device.

prevent

Mandates timely application of vendor patches that correct the bounds-checking flaw (CSCvf73881) before exploitation occurs.

References