Executive Summary
Summary | |
---|---|
Title | Cisco IOS XE Software Authentication, Authorization, and Accounting Login Authentication Remote Code Execution Vulnerability |
Information | |||
---|---|---|---|
Name | cisco-sa-20180606-aaa | First vendor Publication | 2018-06-06 |
Vendor | Cisco | Last vendor Modification | 2018-06-06 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
A vulnerability in the authentication, authorization, and accounting (AAA) security services of Cisco IOS XE Software could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device or cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to incorrect memory operations that the affected software performs when the software parses a username during login authentication. An attacker could exploit this vulnerability by attempting to authenticate to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the affected device or cause the affected device to reload, resulting in a DoS condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-aaa |
Original Source
Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...) |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Os | 2 |
Alert History
Date | Information |
---|---|
2018-07-20 17:21:13 |
|
2018-06-07 17:21:02 |
|
2018-06-06 21:19:07 |
|