← Back

CVE-2018-0469

nvd nist
Published: Oct 5, 2018Modified: Nov 21, 2024

JSON object

Loading...
6.8
Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H
Exploitability: 2.2 / Impact: 4.0
Source: NVD

Description

A vulnerability in the web user interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a double-free-in-memory handling by the affected software when specific HTTP requests are processed. An attacker could exploit this vulnerability by sending specific HTTP requests to the web user interface of the affected software. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition on an affected device. To exploit this vulnerability, the attacker must have access to the management interface of the affected software, which is typically connected to a restricted management network.

Affected (1)

Products: Cisco: Ios Xe
Cisco
1 product
Ios Xe
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Ios Xe
Version 16.5.1

Related CWEs

CWE-415
Double Free
The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

References (6)

Source: psirt@cisco.com
Third Party AdvisoryVDB Entry
Source: psirt@cisco.com
Third Party AdvisoryVDB Entry
Source: psirt@cisco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.