What is the severity of CVE-2018-0157?

CVE-2018-0157 has been classified with a high severity due to its potential impact on device availability.

How do I fix CVE-2018-0157?

To mitigate CVE-2018-0157, upgrade to a fixed Cisco IOS XE Software version as specified in the security advisories.

What devices are affected by CVE-2018-0157?

CVE-2018-0157 affects various versions of Cisco IOS XE Software including versions 16.4.1, 16.4.2, 16.5.1, 16.5.1b, 16.6.1, and 16.6.1a.

What kind of attack can exploit CVE-2018-0157?

An unauthenticated, remote attacker can exploit CVE-2018-0157 by sending specially crafted fragmented packets to target devices.

Is authentication required to exploit CVE-2018-0157?

No, CVE-2018-0157 can be exploited by unauthenticated attackers, making it particularly concerning.

Vulnerability/
CVE-2018-0157

high

8.6

CWE

28/3/2018

2/12/2024

CVE-2018-0157

First published: Wed Mar 28 2018(Updated: )

A vulnerability in the Zone-Based Firewall code of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a device to reload. The vulnerability is due to the way fragmented packets are handled in the firewall code. An attacker could exploit this vulnerability by sending fragmented IP Version 4 or IP Version 6 packets through an affected device. An exploit could allow the attacker to cause the device to crash, resulting in a denial of service (DoS) condition. The following releases of Cisco IOS XE Software are vulnerable: Everest-16.4.1, Everest-16.4.2, Everest-16.5.1, Everest-16.5.1b, Everest-16.6.1, Everest-16.6.1a. Cisco Bug IDs: CSCvf60296.

Credit: ykramarz@cisco.com

Affected Software	Affected Version	How to fix
Cisco IOS XE Web UI	=16.4.1
Cisco IOS XE Web UI	=16.4.2
Cisco IOS XE Web UI	=16.5.1
Cisco IOS XE Web UI	=16.5.1b
Cisco IOS XE Web UI	=16.6.1
Cisco IOS XE Web UI	=16.6.1a

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2018-0157?
CVE-2018-0157 has been classified with a high severity due to its potential impact on device availability.
How do I fix CVE-2018-0157?
To mitigate CVE-2018-0157, upgrade to a fixed Cisco IOS XE Software version as specified in the security advisories.
What devices are affected by CVE-2018-0157?
CVE-2018-0157 affects various versions of Cisco IOS XE Software including versions 16.4.1, 16.4.2, 16.5.1, 16.5.1b, 16.6.1, and 16.6.1a.
What kind of attack can exploit CVE-2018-0157?
An unauthenticated, remote attacker can exploit CVE-2018-0157 by sending specially crafted fragmented packets to target devices.
Is authentication required to exploit CVE-2018-0157?
No, CVE-2018-0157 can be exploited by unauthenticated attackers, making it particularly concerning.

agent/type
agent/softwarecombine
agent/weakness
agent/references
agent/severity
agent/author
agent/first-publish-date
agent/event
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/cisco
canonical/cisco ios xe web ui
version/cisco ios xe web ui/16.4.1
version/cisco ios xe web ui/16.4.2
version/cisco ios xe web ui/16.5.1
version/cisco ios xe web ui/16.5.1b
version/cisco ios xe web ui/16.6.1
version/cisco ios xe web ui/16.6.1a

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.