How severe is CVE-2018-0157?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.6 out of 10.

What type of vulnerability is CVE-2018-0157?

This is classified as CWE-19, which is a common weakness in software security.

CVE-2018-0157

HIGH Year: 2018

CVSS v3 Score

8.6

High

CVSS v2 Score

7.8

High

Weakness Type

CWE-19

View all →

Vulnerability Description

A vulnerability in the Zone-Based Firewall code of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a device to reload. The vulnerability is due to the way fragmented packets are handled in the firewall code. An attacker could exploit this vulnerability by sending fragmented IP Version 4 or IP Version 6 packets through an affected device. An exploit could allow the attacker to cause the device to crash, resulting in a denial of service (DoS) condition. The following releases of Cisco IOS XE Software are vulnerable: Everest-16.4.1, Everest-16.4.2, Everest-16.5.1, Everest-16.5.1b, Everest-16.6.1, Everest-16.6.1a. Cisco Bug IDs: CSCvf60296.

CVE-2018-0485

HIGH

CVSS:8.6(High)

A vulnerability in the SM-1T3/E3 firmware on Cisco Second Generation Integrated Services Routers (ISR G2) and the Cisco 4451-X Integrated Services Router (ISR4451-X) could allow an unauthenticated, re...

CWE-192018

CVE-2020-3414

HIGH

CVSS:8.6(High)

A vulnerability in the packet processing of Cisco IOS XE Software for Cisco 4461 Integrated Services Routers could allow an unauthenticated, remote attacker to cause an affected device to reload, resu...

CWE-192020

CVE-2016-2790

HIGH

CVSS:8.8(High)

The graphite2::TtfUtil::GetTableInfo function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data st...

CWE-192016

CVE-2016-2795

HIGH

CVSS:8.8(High)

The graphite2::FileFace::get_table_fn function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data s...

CWE-192016

CVE-2016-3630

HIGH

CVSS:8.8(High)

The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a (1) clone, (2) push, or (3) pull command, related to (a) a list sizing rounding error and (b)...

CWE-192016

CVE-2016-4977

HIGH

CVSS:8.8(High)

When processing authorization requests using the whitelabel views in Spring Security OAuth 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5, the response_type parameter value was executed as Spring SpEL which enable...

CWE-192016

CVE-2018-0157

Vulnerability Description

Related Vulnerabilities

CVE-2018-0485

CVE-2020-3414

CVE-2016-2790

CVE-2016-2795

CVE-2016-3630

CVE-2016-4977