CVE-2018-0156

A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper validation of packet data. An attacker could exploit this vulnerability by sending a crafted packet to an affected device on TCP port 4786. Only Smart Install client switches are affected. Cisco devices that are configured as a Smart Install director are not affected by this vulnerability. Cisco Bug IDs: CSCvd40673.

Published: Mar 29, 2018
Updated: Apr 13, 2023
CVE: CVE-2018-0156
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v2:

Severity: High
Score: 7.8
AV:N/AC:L/Au:N/C:N/I:N/A:C

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
cisco / ios	15.2(2)e4	15.2(2)e4.x
cisco / ios	15.2(2a)ja	15.2(2a)ja.x
cisco / ios_xe	15.2(2)e4	15.2(2)e4.x
cisco / ios_xe	15.2(2a)ja	15.2(2a)ja.x

Vulnerability Database

289,697

CVE-2018-0156