How severe is CVE-2018-0475?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.4 out of 10.

What type of vulnerability is CVE-2018-0475?

This is classified as CWE-20, which is a common weakness in software security.

CVE-2018-0475 - HIGH Severity | CVSS 7.4

Vulnerability Description

A vulnerability in the implementation of the cluster feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation when handling Cluster Management Protocol (CMP) messages. An attacker could exploit this vulnerability by sending a malicious CMP message to an affected device. A successful exploit could allow the attacker to cause the switch to crash and reload or to hang, resulting in a DoS condition. If the switch hangs it will not reboot automatically, and it will need to be power cycled manually to recover.

Related Vulnerabilities

CVE-2012-0051

HIGH

CVSS:7.4(High)

Tahoe-LAFS 1.9.0 fails to ensure integrity which allows remote attackers to corrupt mutable files or directories upon retrieval.

CWE-202012

CVE-2012-1326

HIGH

CVSS:7.4(High)

Cisco IronPort Web Security Appliance up to and including 7.5 does not validate the basic constraints of the certificate authority which could lead to MITM attacks

CWE-202012

CVE-2013-0243

HIGH

CVSS:7.4(High)

haskell-tls-extra before 0.6.1 has Basic Constraints attribute vulnerability may lead to Man in the Middle attacks on TLS connections

CWE-202013

CVE-2015-8331

HIGH

CVSS:7.4(High)

The Operation and Maintenance Unit (OMU) in Huawei VCN500 with software before V100R002C00SPC200 does not properly invalidate the session ID when an "abnormal exit" occurs, which allows remote attacke...

CWE-202015

CVE-2015-8466

HIGH

CVSS:7.4(High)

Swift3 before 1.9 allows remote attackers to conduct replay attacks via an Authorization request that lacks a Date header.

CWE-202015

CVE-2015-8870

HIGH

CVSS:7.4(High)

Integer overflow in tools/bmp2tiff.c in LibTIFF before 4.0.4 allows remote attackers to cause a denial of service (heap-based buffer over-read), or possibly obtain sensitive information from process m...

CWE-202015