CVE-2018-0475

Name of the Vulnerable Software and Affected Versions Cisco IOS and Cisco IOS XE Software (affected versions not specified)

Description The issue is due to improper input validation when handling Cluster Management Protocol (CMP) messages, which could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an affected device. An attacker could exploit this by sending a malicious CMP message to an affected device, potentially causing the switch to crash and reload or to hang, resulting in a DoS condition. If the switch hangs, it will not reboot automatically and will need to be power cycled manually to recover.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.