Executive Summary

Title: Cisco IOS XE Software Authentication, Authorization, and Accounting Login Authentication Remote Code Execution Vulnerability
Name: cisco-sa-20180606-aaa
First vendor Publication: 2018-06-06
Vendor: Cisco
Last vendor Modification: 2018-06-06
Severity (Vendor): N/A
Revision: N/A

Security-Database Scoring CVSS v3

Cvss vector: N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact SubScore: NA
Temporal Score: NA
Exploitability Sub Score: NA

Security-Database Scoring CVSS v2

Cvss vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score: 7.5
Attack Range: Network
Cvss Impact Score: 6.4
Attack Complexity: Low
Cvss Exploit Score: 10
Authentication: None Required


A vulnerability in the authentication, authorization, and accounting (AAA) security services of Cisco IOS XE Software could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device or cause an affected device to reload, resulting in a denial of service (DoS) condition.

The vulnerability is due to incorrect memory operations that the affected software performs when the software parses a username during login authentication. An attacker could exploit this vulnerability by attempting to authenticate to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the affected device or cause the affected device to reload, resulting in a DoS condition.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-aaa



Original Source

Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...)

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

CPE : Common Platform Enumeration

Os 4

Alert History

Date Information
2018-07-20 17:21:13
  • Multiple Updates
2018-06-07 17:21:02
  • Multiple Updates
2018-06-06 21:19:07
  • First insertion