Executive Summary

Informations
NameCVE-2018-0484First vendor Publication2019-01-10
VendorCveLast vendor Modification2019-02-14

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:S/C:N/I:P/A:N)
Cvss Base Score4Attack RangeNetwork
Cvss Impact Score2.9Attack ComplexityLow
Cvss Expoit Score8AuthenticationRequires single instance
Calculate full CVSS 2.0 Vectors scores

Detail

A vulnerability in the access control logic of the Secure Shell (SSH) server of Cisco IOS and IOS XE Software may allow connections sourced from a virtual routing and forwarding (VRF) instance despite the absence of the vrf-also keyword in the access-class configuration. The vulnerability is due to a missing check in the SSH server. An attacker could use this vulnerability to open an SSH connection to an affected Cisco IOS or IOS XE device with a source address belonging to a VRF instance. Once connected, the attacker would still need to provide valid credentials to access the device.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0484

CWE : Common Weakness Enumeration

%idName
100 %CWE-284Access Control (Authorization) Issues

CPE : Common Platform Enumeration

TypeDescriptionCount
Os2

Sources (Detail)

SourceUrl
BID http://www.securityfocus.com/bid/106560
CISCO https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-s...

Alert History

If you want to see full details history, please login or register.
0
1
2
DateInformations
2019-02-14 17:19:01
  • Multiple Updates
2019-01-16 17:18:56
  • Multiple Updates
2019-01-10 21:18:55
  • First insertion