CVE-2018-0158 (CNNVD-201803-1032)
中文标题:
Cisco IOS Software和IOS XE Software Internet Key Exchange Version 2模块输入验证漏洞
英文标题:
A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS Software and Cisc...
漏洞描述
中文描述:
Cisco IOS Software和IOS XE Software都是美国思科(Cisco)公司为其网络设备开发的操作系统。Internet Key Exchange Version 2(IKEv2)module是其中的一个网络秘钥交换模块。 Cisco IOS Software和IOS XE Software中的IKEv2模块存在输入验证漏洞,该漏洞源于程序没有正确的处理IKEv2数据包。远程攻击者可通过发送特制的IKEv2数据包利用该漏洞造成拒绝服务(内存泄露或设备重新加载)。
英文描述:
A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak or a reload of an affected device that leads to a denial of service (DoS) condition. The vulnerability is due to incorrect processing of certain IKEv2 packets. An attacker could exploit this vulnerability by sending crafted IKEv2 packets to an affected device to be processed. A successful exploit could cause an affected device to continuously consume memory and eventually reload, resulting in a DoS condition. Cisco Bug IDs: CSCvf22394.
CWE类型:
标签:
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| cisco | ios | 15.5\(3\)s1.1 | - | - |
cpe:2.3:o:cisco:ios:15.5\(3\)s1.1:*:*:*:*:*:*:*
|
| cisco | ios | 15.5\(3\)s1.2 | - | - |
cpe:2.3:o:cisco:ios:15.5\(3\)s1.2:*:*:*:*:*:*:*
|
| cisco | ios | 15.5\(3\)s1.4 | - | - |
cpe:2.3:o:cisco:ios:15.5\(3\)s1.4:*:*:*:*:*:*:*
|
| cisco | ios | 15.5\(3\)s1.5 | - | - |
cpe:2.3:o:cisco:ios:15.5\(3\)s1.5:*:*:*:*:*:*:*
|
| cisco | ios | 15.5\(3\)s1.7 | - | - |
cpe:2.3:o:cisco:ios:15.5\(3\)s1.7:*:*:*:*:*:*:*
|
| cisco | ios | 15.5\(3\)s1.8 | - | - |
cpe:2.3:o:cisco:ios:15.5\(3\)s1.8:*:*:*:*:*:*:*
|
| cisco | ios | 15.5\(3\)s1.9 | - | - |
cpe:2.3:o:cisco:ios:15.5\(3\)s1.9:*:*:*:*:*:*:*
|
| cisco | ios | 15.5\(3\)s1.10 | - | - |
cpe:2.3:o:cisco:ios:15.5\(3\)s1.10:*:*:*:*:*:*:*
|
| cisco | ios | 15.5\(3\)s1.11 | - | - |
cpe:2.3:o:cisco:ios:15.5\(3\)s1.11:*:*:*:*:*:*:*
|
| cisco | ios | 15.5\(3\)s1.12 | - | - |
cpe:2.3:o:cisco:ios:15.5\(3\)s1.12:*:*:*:*:*:*:*
|
| cisco | ios_xe | 15.5\(3\)s1.1 | - | - |
cpe:2.3:o:cisco:ios_xe:15.5\(3\)s1.1:*:*:*:*:*:*:*
|
| cisco | ios_xe | 15.5\(3\)s1.2 | - | - |
cpe:2.3:o:cisco:ios_xe:15.5\(3\)s1.2:*:*:*:*:*:*:*
|
| cisco | ios_xe | 15.5\(3\)s1.4 | - | - |
cpe:2.3:o:cisco:ios_xe:15.5\(3\)s1.4:*:*:*:*:*:*:*
|
| cisco | ios_xe | 15.5\(3\)s1.5 | - | - |
cpe:2.3:o:cisco:ios_xe:15.5\(3\)s1.5:*:*:*:*:*:*:*
|
| cisco | ios_xe | 15.5\(3\)s1.7 | - | - |
cpe:2.3:o:cisco:ios_xe:15.5\(3\)s1.7:*:*:*:*:*:*:*
|
| cisco | ios_xe | 15.5\(3\)s1.8 | - | - |
cpe:2.3:o:cisco:ios_xe:15.5\(3\)s1.8:*:*:*:*:*:*:*
|
| cisco | ios_xe | 15.5\(3\)s1.9 | - | - |
cpe:2.3:o:cisco:ios_xe:15.5\(3\)s1.9:*:*:*:*:*:*:*
|
| cisco | ios_xe | 15.5\(3\)s1.10 | - | - |
cpe:2.3:o:cisco:ios_xe:15.5\(3\)s1.10:*:*:*:*:*:*:*
|
| cisco | ios_xe | 15.5\(3\)s1.11 | - | - |
cpe:2.3:o:cisco:ios_xe:15.5\(3\)s1.11:*:*:*:*:*:*:*
|
| cisco | ios_xe | 15.5\(3\)s1.12 | - | - |
cpe:2.3:o:cisco:ios_xe:15.5\(3\)s1.12:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
CVSS评分详情
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2018-0158 |
2025-11-11 15:19:35 | 2025-11-11 07:34:56 |
| NVD | nvd_CVE-2018-0158 |
2025-11-11 14:55:53 | 2025-11-11 07:43:33 |
| CNNVD | cnnvd_CNNVD-201803-1032 |
2025-11-11 15:09:59 | 2025-11-11 07:53:35 |
版本与语言
安全公告
变更历史
查看详细变更
- vulnerability_type: 未提取 -> 资源管理错误
- cnnvd_id: 未提取 -> CNNVD-201803-1032
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
查看详细变更
- severity: SeverityLevel.MEDIUM -> SeverityLevel.HIGH
- cvss_score: 未提取 -> 8.6
- cvss_vector: NOT_EXTRACTED -> CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
- cvss_version: NOT_EXTRACTED -> 3.1
- affected_products_count: 0 -> 20
- references_count: 5 -> 6
- data_sources: ['cve'] -> ['cve', 'nvd']