How severe is CVE-2018-15428?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.8 out of 10.

What type of vulnerability is CVE-2018-15428?

This is classified as CWE-20, which is a common weakness in software security.

CVE-2018-15428

MEDIUM Year: 2018

CVSS v3 Score

6.8

Medium

CVSS v2 Score

4.3

Medium

Weakness Type

CWE-20

View all →

Vulnerability Description

A vulnerability in the implementation of Border Gateway Protocol (BGP) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of certain BGP update messages. An attacker could exploit this vulnerability by sending BGP update messages that include a specific, malformed attribute to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit this vulnerability, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim's BGP network on an existing, valid TCP connection to a BGP peer.

CVE-2015-1928

MEDIUM

CVSS:6.8(Medium)

Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.x and 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF11, and 6.x before 6.0.0 IF4; Rational Quality Manager (RQ...

CWE-202015

CVE-2015-8373

MEDIUM

CVSS:6.8(Medium)

The kea-dhcp4 and kea-dhcp6 servers 0.9.2 and 1.0.0-beta in ISC Kea, when certain debugging settings are used, allow remote attackers to cause a denial of service (daemon crash) via a malformed packet...

CWE-202015

CVE-2016-0774

MEDIUM

CVSS:6.8(Medium)

The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in a certain Linux kernel backport in the linux package before 3.2.73-2+deb7u3 on Debian wheezy and the kernel package before 3.10.0-2...

CWE-202016

CVE-2016-1563

MEDIUM

CVSS:6.8(Medium)

NetApp Clustered Data ONTAP 8.3.1 does not properly verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted...

CWE-202016

CVE-2016-2088

MEDIUM

CVSS:6.8(Medium)

resolver.c in named in ISC BIND 9.10.x before 9.10.3-P4, when DNS cookies are enabled, allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via a malformed p...

CWE-202016

CVE-2016-2270

MEDIUM

CVSS:6.8(Medium)

Xen 4.6.x and earlier allows local guest administrators to cause a denial of service (host reboot) via vectors related to multiple mappings of MMIO pages with different cachability settings.

CWE-202016

CVE-2018-15428

Vulnerability Description

Related Vulnerabilities

CVE-2015-1928

CVE-2015-8373

CVE-2016-0774

CVE-2016-1563

CVE-2016-2088

CVE-2016-2270