Informazioni sul CVE-2018-15369
Cisco IOS and IOS XE Software TACACS+ Client Denial of Service Vulnerability
CWE ID: CWE-20
Base Score (CVSS): N/A
CVE: CVE-2018-15369
Descrizione: A vulnerability in the TACACS+ client subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to improper handling of crafted TACACS+ response packets by the affected software. An attacker could exploit this vulnerability by injecting a crafted TACACS+ packet into an existing TACACS+ session between an affected device and a TACACS+ server or by impersonating a known, valid TACACS+ server and sending a crafted TACACS+ packet to an affected device when establishing a connection to the device. To exploit this vulnerability by using either method, the attacker must know the shared TACACS+ secret and the crafted packet must be sent in response to a TACACS+ request from a TACACS+ client. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.
Vettore di attacco
Punteggio CVSS
Il CVSS è un sistema di valutazione che misura la gravità di una vulnerabilità informatica considerando fattori come l’impatto potenziale, la probabilità di attacco e la facilità di esecuzione.
Riassunto: .
Dettaglio del Vettore
| Metrica | Valore | Significato | Descrizione |
|---|
Riferimenti esterni
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-tacplus
- http://www.securityfocus.com/bid/105426
Prodotti interessati
- Cisco – Cisco IOS Software
Relazioni con altri prodotti
Produttore:Cisco
Prodotto: Cisco IOS Software
Anno: 2018
CWE: CWE-20
CVSS: 0.0