====================================================================

                             CERT-Renater

                 Information Note No. 2018/VULN192
_____________________________________________________________________

DATE                : 07/06/2018

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S):  Cisco IOS XE Software

=====================================================================
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-aaa
_____________________________________________________________________

Cisco Security Advisory: Cisco IOS XE Software Authentication, Authorization, and Accounting Login Authentication Remote Code Execution Vulnerability

Advisory ID: cisco-sa-20180606-aaa

Revision: 1.0

For Public Release: 2018 June 6 16:00 GMT

Last Updated: 2018 June 6 16:00 GMT

CVE ID(s): CVE-2018-0315

CVSS Score v(3): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

+---------------------------------------------------------------------

Summary
=======

A vulnerability in the authentication, authorization, and accounting (AAA) security services of Cisco IOS XE Software could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device or cause an affected device to reload, resulting in a denial of service (DoS) condition.

The vulnerability is due to incorrect memory operations that the affected software performs when the software parses a username during login authentication. An attacker could exploit this vulnerability by attempting to authenticate to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the affected device or cause the affected device to reload, resulting in a DoS condition.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-aaa


===============================================================
+ CERT-RENATER            | tel : 01-53-94-20-44              +
+ 23 - 25 Rue Daviel      | fax : 01-53-94-20-41              +
+ 75013 Paris             | email: cert@support.renater.fr    +
===============================================================

