Cyber Resilience

CVE-2018-0180

MediumCISA KEVActive ExploitationEUVD Exploited

Published: 28 March 2018

Published
28 March 2018
Modified
14 January 2026
KEV Added
03 March 2022
Patch
CVSS Score v3.1 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score 0.0173 82.9th percentile
Risk Priority 33 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2018-0180 is a medium-severity an unspecified weakness vulnerability in Cisco Ios. Its CVSS base score is 5.9 (Medium).

Operationally, ranked in the top 17.1% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and AC-7 (Unsuccessful Logon Attempts).

Deeper analysis

The vulnerability CVE-2018-0180 consists of multiple flaws in the Login Enhancements (Login Block) feature of Cisco IOS Software. It affects Cisco devices running IOS releases 15.4(2)T, 15.4(3)M, or 15.4(2)CG and later, and can produce a device reload that results in denial of service. The CVSS 3.1 base score is 5.9 with the vector AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H, and the issues are tracked under CWEs 399 and NVD-CWE-noinfo along with Cisco Bug IDs CSCuy32360 and CSCuz60599.

An unauthenticated remote attacker can trigger the reload by sending crafted traffic that exercises the affected login feature, achieving only availability impact with no confidentiality or integrity consequences. Successful exploitation requires the attacker to overcome the noted high attack complexity.

The referenced Cisco Security Advisory cisco-sa-20180328-slogin addresses the vulnerabilities, and the flaw appears in the CISA Known Exploited Vulnerabilities catalog.

EU & UK References

Vulnerability details

Multiple vulnerabilities in the Login Enhancements (Login Block) feature of Cisco IOS Software could allow an unauthenticated, remote attacker to trigger a reload of an affected system, resulting in a denial of service (DoS) condition. These vulnerabilities affect Cisco devices…

more

that are running Cisco IOS Software Release 15.4(2)T, 15.4(3)M, or 15.4(2)CG and later. Cisco Bug IDs: CSCuy32360, CSCuz60599.

CWE(s)
KEV Date Added
03 March 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

cisco
ios
15.3\(00.00.19\)sy, 15.4\(01\)ia001.100, 15.4\(03\)m4.1, 15.4\(2\)cg, 15.4\(2\)t

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires protection against or limiting of DoS attacks that can be triggered by crafted remote traffic against the login feature.

prevent

Enforces limits on unsuccessful logon attempts through the Login Block feature whose implementation flaws are exploited by this CVE.

prevent

Requires validation of inputs to the login enhancements to block crafted traffic that triggers device reload.

References