Cyber Resilience

CVE-2018-0156

High · CISA KEV · Active Exploitation · EUVD Exploited

Published: 28 March 2018

Modified: 12 January 2026
KEV Added: 03 March 2022
CVSS Score v3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.1553 (94.8th percentile)
Risk Priority: 44 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2018-0156 is a high-severity Improper Input Validation (CWE-20) vulnerability in Cisco IOS. Its CVSS base score is 7.5 (High).

Operationally, it ranks in the top 5.2% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-7 (Least Functionality) and SI-10 (Information Input Validation).

Deeper analysis

A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software stems from improper validation of packet data and can be triggered by sending a crafted packet to TCP port 4786. The flaw is tracked as Cisco Bug ID CSCvd40673 and is assigned CWE-399 and CWE-20. Only devices configured as Smart Install clients are affected; devices operating as Smart Install directors are not vulnerable. The issue received a CVSS 3.1 base score of 7.5, reflecting high availability impact, a network attack vector and no required credentials.

An unauthenticated remote attacker can exploit the weakness to force an affected client switch to reload, producing a denial-of-service condition. No user interaction or local access is required, and the attack can be launched over the network against any reachable Smart Install client.

Public advisories and patches addressing the vulnerability are documented at the Cisco Security Advisory page, the ICS-CERT alerts ICSA-18-107-04 and ICSA-18-107-05, and the associated SecurityFocus and SecurityTracker entries.

Vulnerability details

A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper validation of packet data. An attacker could exploit this vulnerability by sending a crafted packet to an affected device on TCP port 4786. Only Smart Install client switches are affected. Cisco devices that are configured as a Smart Install director are not affected by this vulnerability. Cisco Bug IDs: CSCvd40673.

CWE(s)
KEV Date Added: 03 March 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

cisco ios: 15.2(2)e4, 15.2(2a)ja
cisco ios xe: 15.2(2)e4, 15.2(2a)ja

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires validation of all input (here, Smart Install packets on TCP 4786) to reject malformed data before it can trigger a reload.

prevent

Requires disabling or restricting non-essential features such as Smart Install on client switches when the service is not needed, eliminating the vulnerable code path.

prevent

Boundary-protection mechanisms can block or filter traffic to TCP 4786 from untrusted networks, limiting exposure of the unauthenticated Smart Install service.
