CVE-2018-0159: Cisco IOS and XE Software Internet Key Exchange Version 1 Denial-of-Service Vulnerability
First published: Wed Mar 28 2018(Updated: )
A vulnerability in the implementation of Internet Key Exchange Version 1 (IKEv1) functionality in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to improper validation of specific IKEv1 packets. An attacker could exploit this vulnerability by sending crafted IKEv1 packets to an affected device during an IKE negotiation. A successful exploit could allow the attacker to cause an affected device to reload, resulting in a DoS condition. Cisco Bug IDs: CSCuj73916.
Credit: ykramarz@cisco.com ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| Cisco IOS | =15.3\(3\)s | |
| Any of | ||
| Cisco Asr 901-12c-f-d | ||
| Cisco Asr 901-12c-ft-d | ||
| Cisco Asr 901-4c-f-d | ||
| Cisco Asr 901-4c-ft-d | ||
| Cisco Asr 901-6cz-f-a | ||
| Cisco Asr 901-6cz-f-d | ||
| Cisco Asr 901-6cz-ft-a | ||
| Cisco Asr 901-6cz-ft-d | ||
| Cisco Me 3600x-24cx-m | ||
| Cisco Me 3600x-24fs-m | ||
| Cisco Me 3600x-24ts-m | ||
| Cisco Me 3800x-24fs-m | ||
| All of | ||
| Cisco IOS XE | =15.3\(3\)s | |
| Any of | ||
| Cisco Asr 901-12c-f-d | ||
| Cisco Asr 901-12c-ft-d | ||
| Cisco Asr 901-4c-f-d | ||
| Cisco Asr 901-4c-ft-d | ||
| Cisco Asr 901-6cz-f-a | ||
| Cisco Asr 901-6cz-f-d | ||
| Cisco Asr 901-6cz-ft-a | ||
| Cisco Asr 901-6cz-ft-d | ||
| Cisco Me 3600x-24cx-m | ||
| Cisco Me 3600x-24fs-m | ||
| Cisco Me 3600x-24ts-m | ||
| Cisco Me 3800x-24fs-m | ||
| Cisco IOS | =15.3\(3\)s | |
| Cisco Asr 901-12c-f-d | ||
| Cisco Asr 901-12c-ft-d | ||
| Cisco Asr 901-4c-f-d | ||
| Cisco Asr 901-4c-ft-d | ||
| Cisco Asr 901-6cz-f-a | ||
| Cisco Asr 901-6cz-f-d | ||
| Cisco Asr 901-6cz-ft-a | ||
| Cisco Asr 901-6cz-ft-d | ||
| Cisco Me 3600x-24cx-m | ||
| Cisco Me 3600x-24fs-m | ||
| Cisco Me 3600x-24ts-m | ||
| Cisco Me 3800x-24fs-m | ||
| Cisco IOS XE | =15.3\(3\)s | |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-0159?
The severity of CVE-2018-0159 is high.
How does CVE-2018-0159 impact Cisco IOS Software and Cisco IOS XE Software?
CVE-2018-0159 can cause a denial of service (DoS) condition by causing a device to reload.
Is Cisco Asr 901-12c-f-d affected by CVE-2018-0159?
No, Cisco Asr 901-12c-f-d is not vulnerable to CVE-2018-0159.
How can I fix CVE-2018-0159?
Apply the necessary updates and patches provided by Cisco.
Where can I find more information about CVE-2018-0159?
You can find more information about CVE-2018-0159 on the Cisco Security Advisory website and other security-related sources.
- agent/type
- agent/description
- agent/title
- agent/weakness
- agent/author
- agent/severity
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- exploited/true
- collector/cisa-known-exploited
- source/CISA
- agent/references
- agent/softwarecombine
- agent/event
- agent/tags
- collector/nvd-cve
- vendor/cisco
- canonical/cisco ios
- version/cisco ios/15.3\(3\)s
- canonical/cisco asr 901-12c-f-d
- canonical/cisco asr 901-12c-ft-d
- canonical/cisco asr 901-4c-f-d
- canonical/cisco asr 901-4c-ft-d
- canonical/cisco asr 901-6cz-f-a
- canonical/cisco asr 901-6cz-f-d
- canonical/cisco asr 901-6cz-ft-a
- canonical/cisco asr 901-6cz-ft-d
- canonical/cisco me 3600x-24cx-m
- canonical/cisco me 3600x-24fs-m
- canonical/cisco me 3600x-24ts-m
- canonical/cisco me 3800x-24fs-m
- canonical/cisco ios xe
- version/cisco ios xe/15.3\(3\)s
- canonical/cisco ios software and cisco ios xe software