CVE-2018-0179
Published: 28 March 2018
Summary
CVE-2018-0179 is a medium-severity an unspecified weakness vulnerability in Cisco Ios. Its CVSS base score is 5.9 (Medium).
Operationally, ranked in the top 15.8% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-2 (Flaw Remediation).
Deeper analysis
Multiple vulnerabilities in the Login Enhancements (Login Block) feature of Cisco IOS Software could allow an unauthenticated remote attacker to trigger a reload of an affected device. The issues affect Cisco devices running IOS Software releases 15.4(2)T, 15.4(3)M, or 15.4(2)CG and later, and are tracked under Cisco Bug IDs CSCuy32360 and CSCuz60599. The CVSS 3.1 base score is 5.9 with the vector AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H, indicating a high impact on availability.
An unauthenticated remote attacker can exploit the flaws over the network to cause a denial-of-service condition by forcing the affected system to reload. The attack requires high complexity and does not need user interaction or credentials.
The Cisco Security Advisory cisco-sa-20180328-slogin addresses the issues, and the vulnerability appears in the CISA Known Exploited Vulnerabilities catalog, confirming observed in-the-wild exploitation.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2018-1002
Vulnerability details
Multiple vulnerabilities in the Login Enhancements (Login Block) feature of Cisco IOS Software could allow an unauthenticated, remote attacker to trigger a reload of an affected system, resulting in a denial of service (DoS) condition. These vulnerabilities affect Cisco devices…
more
that are running Cisco IOS Software Release 15.4(2)T, 15.4(3)M, or 15.4(2)CG and later. Cisco Bug IDs: CSCuy32360, CSCuz60599.
- CWE(s)
- KEV Date Added
- 03 March 2022
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly requires mechanisms to protect against or limit effects of network-based DoS attacks that trigger device reloads via the Login Block feature.
Implements the Login Enhancements (Login Block) feature whose flaws are directly exploited in CVE-2018-0179 to cause unauthenticated reloads.
Requires timely application of vendor patches for the specific IOS Login Block vulnerabilities (CSCuy32360, CSCuz60599) before exploitation.