How severe is CVE-2018-15369?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.8 out of 10.

What type of vulnerability is CVE-2018-15369?

This is classified as CWE-20, which is a common weakness in software security.

CVE-2018-15369

MEDIUM Year: 2018

CVSS v3 Score

6.8

Medium

CVSS v2 Score

7.8

High

Weakness Type

CWE-20

View all →

Vulnerability Description

A vulnerability in the TACACS+ client subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to improper handling of crafted TACACS+ response packets by the affected software. An attacker could exploit this vulnerability by injecting a crafted TACACS+ packet into an existing TACACS+ session between an affected device and a TACACS+ server or by impersonating a known, valid TACACS+ server and sending a crafted TACACS+ packet to an affected device when establishing a connection to the device. To exploit this vulnerability by using either method, the attacker must know the shared TACACS+ secret and the crafted packet must be sent in response to a TACACS+ request from a TACACS+ client. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.

CVE-2015-1928

MEDIUM

CVSS:6.8(Medium)

Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.x and 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF11, and 6.x before 6.0.0 IF4; Rational Quality Manager (RQ...

CWE-202015

CVE-2015-8373

MEDIUM

CVSS:6.8(Medium)

The kea-dhcp4 and kea-dhcp6 servers 0.9.2 and 1.0.0-beta in ISC Kea, when certain debugging settings are used, allow remote attackers to cause a denial of service (daemon crash) via a malformed packet...

CWE-202015

CVE-2016-0774

MEDIUM

CVSS:6.8(Medium)

The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in a certain Linux kernel backport in the linux package before 3.2.73-2+deb7u3 on Debian wheezy and the kernel package before 3.10.0-2...

CWE-202016

CVE-2016-1563

MEDIUM

CVSS:6.8(Medium)

NetApp Clustered Data ONTAP 8.3.1 does not properly verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted...

CWE-202016

CVE-2016-2088

MEDIUM

CVSS:6.8(Medium)

resolver.c in named in ISC BIND 9.10.x before 9.10.3-P4, when DNS cookies are enabled, allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via a malformed p...

CWE-202016

CVE-2016-2270

MEDIUM

CVSS:6.8(Medium)

Xen 4.6.x and earlier allows local guest administrators to cause a denial of service (host reboot) via vectors related to multiple mappings of MMIO pages with different cachability settings.

CWE-202016

CVE-2018-15369

Vulnerability Description

Related Vulnerabilities

CVE-2015-1928

CVE-2015-8373

CVE-2016-0774

CVE-2016-1563

CVE-2016-2088

CVE-2016-2270