CVE-2018-0467: Cisco IOS and IOS XE Software IPv6 Hop-by-Hop Options Denial of Service Vulnerability
First published: Fri Oct 05 2018(Updated: )
A vulnerability in the IPv6 processing code of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerability is due to incorrect handling of specific IPv6 hop-by-hop options. An attacker could exploit this vulnerability by sending a malicious IPv6 packet to or through the affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition on an affected device.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco IOS XE Web UI | =15.6\(2\)sp | |
| Cisco IOS XE Web UI | =16.6.1 | |
| Cisco IOS XE Web UI | =everest-16.6.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- agent/type
- agent/softwarecombine
- agent/references
- agent/title
- agent/author
- agent/weakness
- agent/severity
- agent/description
- agent/event
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco ios xe web ui
- version/cisco ios xe web ui/15.6\(2\)sp
- version/cisco ios xe web ui/16.6.1
- version/cisco ios xe web ui/everest-16.6.1