← voltar
CVE-2018-0472

Cisco IOS XE Software and Cisco ASA 5500-X Series Adaptive Security Appliance IPsec Denial of Service Vulnerability

EPSS 16.2%CWE-20
Vexday Risk Score
8Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS EPSS 16.2%KEV nãoPoC Nuclei Metasploit Patch referenciado
Ciclo de vida
05 out 2018Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
A vulnerability in the IPsec driver code of multiple Cisco IOS XE Software platforms and the Cisco ASA 5500-X Series Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerability is due to improper processing of malformed IPsec Authentication Header (AH) or Encapsulating Security Payload (ESP) packets. An attacker could exploit this vulnerability by sending malformed IPsec packets to be processed by an affected device. An exploit could allow the attacker to cause a reload of the affected device.
Produtos afetados
Cisco · Cisco Adaptive Security Appliance (ASA) Software

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://ics-cert.us-cert.gov/advisories/ICSA-19-094-04https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-ipsechttp://www.securityfocus.com/bid/105418http://www.securitytracker.com/id/1041735http://www.securitytracker.com/id/1041737