CVE-2018-0180
Published: 28 March 2018
Summary
CVE-2018-0180 is a medium-severity an unspecified weakness vulnerability in Cisco Ios. Its CVSS base score is 5.9 (Medium).
Operationally, ranked in the top 17.1% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and AC-7 (Unsuccessful Logon Attempts).
Deeper analysis
The vulnerability CVE-2018-0180 consists of multiple flaws in the Login Enhancements (Login Block) feature of Cisco IOS Software. It affects Cisco devices running IOS releases 15.4(2)T, 15.4(3)M, or 15.4(2)CG and later, and can produce a device reload that results in denial of service. The CVSS 3.1 base score is 5.9 with the vector AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H, and the issues are tracked under CWEs 399 and NVD-CWE-noinfo along with Cisco Bug IDs CSCuy32360 and CSCuz60599.
An unauthenticated remote attacker can trigger the reload by sending crafted traffic that exercises the affected login feature, achieving only availability impact with no confidentiality or integrity consequences. Successful exploitation requires the attacker to overcome the noted high attack complexity.
The referenced Cisco Security Advisory cisco-sa-20180328-slogin addresses the vulnerabilities, and the flaw appears in the CISA Known Exploited Vulnerabilities catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2018-1003
Vulnerability details
Multiple vulnerabilities in the Login Enhancements (Login Block) feature of Cisco IOS Software could allow an unauthenticated, remote attacker to trigger a reload of an affected system, resulting in a denial of service (DoS) condition. These vulnerabilities affect Cisco devices…
more
that are running Cisco IOS Software Release 15.4(2)T, 15.4(3)M, or 15.4(2)CG and later. Cisco Bug IDs: CSCuy32360, CSCuz60599.
- CWE(s)
- KEV Date Added
- 03 March 2022
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly requires protection against or limiting of DoS attacks that can be triggered by crafted remote traffic against the login feature.
Enforces limits on unsuccessful logon attempts through the Login Block feature whose implementation flaws are exploited by this CVE.
Requires validation of inputs to the login enhancements to block crafted traffic that triggers device reload.