How severe is CVE-2018-0476?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.9 out of 10.

What type of vulnerability is CVE-2018-0476?

This is classified as CWE-399, which is a common weakness in software security.

CVE-2018-0476

MEDIUM Year: 2018

CVSS v3 Score

5.9

Medium

CVSS v2 Score

7.1

High

Weakness Type

CWE-399

View all →

Vulnerability Description

A vulnerability in the Network Address Translation (NAT) Session Initiation Protocol (SIP) Application Layer Gateway (ALG) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to improper processing of SIP packets in transit while NAT is performed on an affected device. An unauthenticated, remote attacker could exploit this vulnerability by sending crafted SIP packets via UDP port 5060 through an affected device that is performing NAT for SIP packets. A successful exploit could allow an attacker to cause the device to reload, resulting in a denial of service (DoS) condition.

CVE-2014-9686

MEDIUM

CVSS:5.9(Medium)

The Googlemaps plugin 3.2 and earlier for Joomla! allows remote attackers with control of a sub-domain belonging to a victim domain to cause a denial of service via the 'url' parameter to plugin_googl...

CWE-3992014

CVE-2016-10259

MEDIUM

CVSS:5.9(Medium)

Symantec SSL Visibility (SSLV) 3.8.4FC, 3.9, 3.10 before 3.10.4.1, and 3.11 before 3.11.3.1 is susceptible to a denial-of-service vulnerability that impacts the SSL servers for intercepted SSL connect...

CWE-3992016

CVE-2016-1276

MEDIUM

CVSS:5.9(Medium)

Juniper Junos OS before 12.1X46-D50, 12.1X47 before 12.1X47-D23, 12.3X48 before 12.3X48-D25, and 15.1X49 before 15.1X49-D40 on a High-End SRX-Series chassis system with one or more Application Layer G...

CWE-3992016

CVE-2016-1344

MEDIUM

CVSS:5.9(Medium)

The IKEv2 implementation in Cisco IOS 15.0 through 15.6 and IOS XE 3.3 through 3.17 allows remote attackers to cause a denial of service (device reload) via fragmented packets, aka Bug ID CSCux38417.

CWE-3992016

CVE-2016-1346

MEDIUM

CVSS:5.9(Medium)

The kernel in Cisco TelePresence Server 3.0 through 4.2(4.18) on Mobility Services Engine (MSE) 8710 devices allows remote attackers to cause a denial of service (panic and reboot) via a crafted seque...

CWE-3992016

CVE-2016-1546

MEDIUM

CVSS:5.9(Medium)

The Apache HTTP Server 2.4.17 and 2.4.18, when mod_http2 is enabled, does not limit the number of simultaneous stream workers for a single HTTP/2 connection, which allows remote attackers to cause a d...

CWE-3992016

CVE-2018-0476

Vulnerability Description

Related Vulnerabilities

CVE-2014-9686

CVE-2016-10259

CVE-2016-1276

CVE-2016-1344

CVE-2016-1346

CVE-2016-1546