How severe is CVE-2018-15377?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.6 out of 10.

What type of vulnerability is CVE-2018-15377?

This is classified as CWE-400, which is a common weakness in software security.

CVE-2018-15377 - HIGH Severity | CVSS 8.6

Vulnerability Description

A vulnerability in the Cisco Network Plug and Play agent, also referred to as the Cisco Open Plug-n-Play agent, of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak on an affected device. The vulnerability is due to insufficient input validation by the affected software. An attacker could exploit this vulnerability by sending invalid data to the Cisco Network Plug and Play agent on an affected device. A successful exploit could allow the attacker to cause a memory leak on the affected device, which could cause the device to reload.

Related Vulnerabilities

CVE-2015-1779

HIGH

CVSS:8.6(High)

The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section.

CWE-4002015

CVE-2016-6171

HIGH

CVSS:8.6(High)

Knot DNS before 2.3.0 allows remote DNS servers to cause a denial of service (memory exhaustion and slave server crash) via a large zone transfer for (1) DDNS, (2) AXFR, or (3) IXFR.

CWE-4002016

CVE-2017-15119

HIGH

CVSS:8.6(High)

The Network Block Device (NBD) server in Quick Emulator (QEMU) before 2.11 is vulnerable to a denial of service issue. It could occur if a client sent large option requests, making the server waste CP...

CWE-4002017

CVE-2017-17051

HIGH

CVSS:8.6(High)

An issue was discovered in the default FilterScheduler in OpenStack Nova 16.0.3. By repeatedly rebuilding an instance with new images, an authenticated user may consume untracked resources on a hyperv...

CWE-4002017

CVE-2017-9627

HIGH

CVSS:8.6(High)

An Uncontrolled Resource Consumption issue was discovered in Schneider Electric Wonderware ArchestrA Logger, versions 2017.426.2307.1 and prior. The uncontrolled resource consumption vulnerability cou...

CWE-4002017

CVE-2018-0086

HIGH

CVSS:8.6(High)

A vulnerability in the application server of the Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected ...

CWE-4002018