CVE-2018-0158

CVE Database · CVE-2018-0158

CVE-2018-0158

· HIGHAnalyzed

CVSS v3.1

8.6

EPSS

7.19%

Published

Mar 28, 2018

Modified

Jan 14, 2026

CISA Known Exploited Vulnerability

Added: 2022-03-03 · Due: 2022-03-17

Apply updates per vendor instructions.

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak or a reload of an affected device that leads to a denial of service (DoS) condition. The vulnerability is due to incorrect processing of certain IKEv2 packets. An attacker could exploit this vulnerability by sending crafted IKEv2 packets to an affected device to be processed. A successful exploit could cause an affected device to continuously consume memory and eventually reload, resulting in a DoS condition. Cisco Bug IDs: CSCvf22394.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Weaknesses (CWE)

CWE-20CWE-401

Affected Products (59)

cisco · iosvulnerable

cisco · asr_1001-hx

References (11)

http://www.securityfocus.com/bid/103566

Broken LinkThird Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1040595

Broken LinkThird Party AdvisoryVDB Entry

https://ics-cert.us-cert.gov/advisories/ICSA-18-107-03

Third Party AdvisoryUS Government ResourceVDB Entry

https://ics-cert.us-cert.gov/advisories/ICSA-18-107-04

Third Party AdvisoryUS Government ResourceVDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-ike

KEV Catalog EPSS Scores Vendors All CVEs