PT-2018-3860 · Cisco · Cisco IOS XE

Published: 2018-06-06 · Updated: 2023-01-24 · CVE-2018-0315

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Cisco IOS XE Software versions Fuji 16.7.1 through Fuji 16.8.1

Description

A vulnerability in the authentication, authorization, and accounting (AAA) security services could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device or cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to incorrect memory operations that the affected software performs when the software parses a username during login authentication. An attacker could exploit this vulnerability by attempting to authenticate to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the affected device or cause the affected device to reload, resulting in a DoS condition.

Recommendations

For Cisco IOS XE Software versions Fuji 16.7.1 through Fuji 16.8.1, update to a newer version that addresses this vulnerability. As a temporary workaround, consider restricting access to the AAA security services until a patch is available. Avoid using the username parameter in the affected login authentication process until the issue is resolved.

Fix

DoS

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2023-00712
CVE-2018-0315

Affected Products

Cisco IOS XE