How severe is CVE-2018-0273?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2018-0273?

This is classified as CWE-399, which is a common weakness in software security.

CVE-2018-0273

MEDIUM Year: 2018

CVSS v3 Score

5.3

Medium

CVSS v2 Score

5.0

Medium

Weakness Type

CWE-399

View all →

Vulnerability Description

A vulnerability in the IPsec Manager of Cisco StarOS for Cisco Aggregation Services Router (ASR) 5000 Series Routers and Virtualized Packet Core (VPC) System Software could allow an unauthenticated, remote attacker to terminate all active IPsec VPN tunnels and prevent new tunnels from being established, resulting in a denial of service (DoS) condition. The vulnerability is due to improper processing of corrupted Internet Key Exchange Version 2 (IKEv2) messages. An attacker could exploit this vulnerability by sending crafted IKEv2 messages toward an affected router. A successful exploit could allow the attacker to cause the ipsecmgr service to reload. A reload of this service could cause all IPsec VPN tunnels to be terminated and prevent new tunnels from being established until the service has restarted, resulting in a DoS condition. This vulnerability affects the following Cisco products when they are running Cisco StarOS: Cisco Aggregation Services Router (ASR) 5000 Series Routers, Virtualized Packet Core (VPC) System Software. Cisco Bug IDs: CSCve29605.

CVE-2015-4942

MEDIUM

CVSS:5.3(Medium)

IBM WebSphere MQ Light 1.x before 1.0.2 allows remote attackers to cause a denial of service (MQXR service crash) via a series of connect and disconnect actions, a different vulnerability than CVE-201...

CWE-3992015

CVE-2016-1256

MEDIUM

CVSS:5.3(Medium)

Juniper Junos OS before 12.1X44-D55, 12.1X46 before 12.1X46-D40, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R10, 12.3X48 before 12.3X48-D20, 13.2 before 13.2R8, 13.2X51 before 13.2X51-D40, 13.3 befor...

CWE-3992016

CVE-2016-1260

MEDIUM

CVSS:5.3(Medium)

Juniper Junos OS before 13.2X51-D36, 14.1X53 before 14.1X53-D25, and 15.2 before 15.2R1 on EX4300 series switches allow remote attackers to cause a denial of service (network loop and bandwidth consum...

CWE-3992016

CVE-2016-1299

MEDIUM

CVSS:5.3(Medium)

The web-management GUI implementation on Cisco Small Business SG300 devices 1.4.1.x allows remote attackers to cause a denial of service (HTTPS outage) via crafted HTTPS requests, aka Bug ID CSCuw8717...

CWE-3992016

CVE-2016-1353

MEDIUM

CVSS:5.3(Medium)

The TCP implementation in Cisco Videoscape Distribution Suite for Internet Streaming (VDS-IS) 3.3(0), 3.3(1), 4.0(0), and 4.1(0) does not properly initiate new TCP sessions when a previous session is ...

CWE-3992016

CVE-2016-1361

MEDIUM

CVSS:5.3(Medium)

Cisco IOS XR through 4.3.2 on Gigabit Switch Router (GSR) 12000 devices does not properly check for a Bidirectional Forwarding Detection (BFD) header in a UDP packet, which allows remote attackers to ...

CWE-3992016

CVE-2018-0273

Vulnerability Description

Related Vulnerabilities

CVE-2015-4942

CVE-2016-1256

CVE-2016-1260

CVE-2016-1299

CVE-2016-1353

CVE-2016-1361