—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

Cisco Security Advisory: Cisco IOS XE Software Authentication, Authorization, and Accounting Login Authentication Remote Code Execution Vulnerability

Advisory ID: cisco-sa-20180606-aaa

Revision: 1.0

For Public Release: 2018 June 6 16:00 GMT

Last Updated: 2018 June 6 16:00 GMT

CVE ID(s): CVE-2018-0315

CVSS Score v(3): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

+———————————————————————

Summary

=======

A vulnerability in the authentication, authorization, and accounting (AAA) security services of Cisco IOS XE Software could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device or cause an affected device to reload, resulting in a denial of service (DoS) condition.

The vulnerability is due to incorrect memory operations that the affected software performs when the software parses a username during login authentication. An attacker could exploit this vulnerability by attempting to authenticate to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the affected device or cause the affected device to reload, resulting in a DoS condition.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-aaa [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-aaa”]

—–BEGIN PGP SIGNATURE—–

iQJ5BAEBAgBjBQJbGAZLXBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50
IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly
dEBjaXNjby5jb20+AAoJEJa12PPJBfczfgoP/1kdxRrAc1d7N0YvjXO+8F6auOHl
Hb4TV1wv71NpMSoABYM4xq7NYZx/4tCOzZ3vFtOXp5xuAszpsH4rWO3yjny+w2zG
QEcGYVHfpf7TB+sEnSDePNuOGZuqI5cWzybb/iQV6Av62LMdsGgf+tDrk+ZAU12M
o5ZMbjKVtbx8rDciW47G/x8/+M6Xqe5D+AQmfNtKHaswPoPi5RpWg+yY6nAp82Vg
zU0QEa0CP3ip//04J2grMpnSaIG8rEG913JI7Bc6P6kbbjOPyLn3/Bo6nbB6N1ed
2BuYLUUpWGBA4O+Lrmidgr7YAUsdPiOONofcTCyD/qre0zy45y5h013zHAes9lET
y6eER60KyPzph5bZXC2cf1I4LSOmJp0H7JZRfVk72QZ3GZwms2XYkuaxc4Pkkt+m
jPsMUxJo/eAWcuJeeocWChldZGn64/ibpTllN31s8IkBwWxvnMv9L5CuPfsm+u49
MkxkLNsJUgUhhQvR5xDwUXUu7yzhDr/hmf8WHCqwLCJPm++BcPuaHRwMq3nasK1e
jK6aP4+YBBHLuKyprYLE1/6qqXiKVCpy2iOWZu3y6ZHrzp2W7omZzgCDzPmmWfLv
iQNFqRzGwZ1ZiVqWL8RAPgiz79INIFdaTq5t/K6fCX/XqXkE4pwrrunNwTMq0V7S
8AaRggm71qucgiTU
=l1Bm
—–END PGP SIGNATURE—–

_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com