Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-15377

A vulnerability in the Cisco Network Plug and Play agent, also referred to as the Cisco Open Plug-n-Play agent, of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak on an affected device. The vulnerability is due to insufficient input validation by the affected software. An attacker could exploit this vulnerability by sending invalid data to the Cisco Network Plug and Play agent on an affected device. A successful exploit could allow the attacker to cause a memory leak on the affected device, which could cause the device to reload.

Published

2018-10-05T14:29:06.887

Last Modified

2024-11-21T03:50:39.487

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.6 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE

Exploitability Score

10.0

Impact Score

6.9

Weaknesses

Type: Secondary
CWE-400
Type: Primary
CWE-401

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	cisco	ios	15.7\(3.1s\)m	Yes
Operating System	cisco	ios	denali-16.3.6	Yes
Operating System	cisco	ios	everest-16.5.1	Yes

References

https://ics-cert.us-cert.gov/advisories/ICSA-19-094-02 Third Party Advisory, US Government Resource ([email protected])
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-pnp-memleak Vendor Advisory ([email protected])
https://ics-cert.us-cert.gov/advisories/ICSA-19-094-02 Third Party Advisory, US Government Resource (af854a3a-2127-422b-91ae-364da2661108)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-pnp-memleak Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)