CVE-2018-0088

Name of the Vulnerable Software and Affected Versions: Cisco Industrial Ethernet 4010 Series Switches running Cisco IOS Software (affected versions not specified)

Description: A vulnerability in the diagnostic test CLI commands could allow an authenticated, local attacker to impact the stability of the device, potentially resulting in arbitrary code execution or a denial of service (DoS) condition. The attacker must have valid user credentials at privilege level 15. The issue is due to a diagnostic test CLI command that allows writing to the device memory. An attacker could exploit this by authenticating to the device and issuing a specific diagnostic test command, potentially overwriting system memory locations and negatively impacting the device's stability.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.