Cisco Event Response Page

Cisco Event Response: March 2018 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication

Doc ID:

ERP-66682

First Published:

2018 March 28 16:00 GMT

Version:

1.0

Summary

Cisco released its semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication on March 28, 2018. In direct response to customer feedback, Cisco releases bundles of Cisco IOS and IOS XE Software Security Advisories on the fourth Wednesday of the month in March and September of each calendar year.

The March 28, 2018, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication includes 20 Cisco Security Advisories that describe 22 vulnerabilities in Cisco IOS Software and Cisco IOS XE Software. One of the advisories describes a vulnerability that also exists in Cisco IOS XR Software. Cisco has released software updates that address these vulnerabilities.

Three of the vulnerabilities have a Security Impact Rating (SIR) of Critical. The remaining 19 vulnerabilities have a SIR of High. Successful exploitation of the vulnerabilities could allow an attacker to gain unauthorized access to an affected device, gain elevated privileges for an affected device, execute arbitrary code, or cause a denial of service (DoS) condition on an affected device.

Eleven of the vulnerabilities affect both Cisco IOS Software and Cisco IOS XE Software. One of the vulnerabilities affects Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software. Of the remaining vulnerabilities, two affect only Cisco IOS Software and eight affect only Cisco IOS XE Software. Cisco has confirmed that none of the vulnerabilities affect Cisco NX-OS Software.

To quickly determine if a specific Cisco IOS or IOS XE Software release is affected by one or more vulnerabilities, use the Cisco IOS Software Checker.

Details

The following table identifies Cisco Security content that is associated with this Cisco IOS and IOS XE Software Security Advisory Bundled Publication:

Cisco Security Advisory	CVE ID	Security Impact Rating	CVSS Base Score	IPS Signature
cisco-sa-20180328-bfd Cisco IOS and IOS XE Software Bidirectional Forwarding Detection Denial of Service Vulnerability	CVE-2018-0155	High	8.6	Cisco IOS and IOS XE Software Bidirectional Forwarding Detection Denial of Service
cisco-sa-20180328-dhcpr3 Cisco IOS and IOS XE Software DHCP Version 4 Relay Denial of Service Vulnerability	CVE-2018-0174	High	8.6	—
cisco-sa-20180328-dhcpr1 Cisco IOS and IOS XE Software DHCP Version 4 Relay Heap Overflow Denial of Service Vulnerability	CVE-2018-0172	High	8.6	—
cisco-sa-20180328-dhcpr2 Cisco IOS and IOS XE Software DHCP Version 4 Relay Reply Denial of Service Vulnerability	CVE-2018-0173	High	8.6	—
cisco-sa-20180328-ike Cisco IOS and IOS XE Software Internet Key Exchange Memory Leak Vulnerability	CVE-2018-0158	High	8.6	—
cisco-sa-20180328-ike-dos Cisco IOS and IOS XE Software Internet Key Exchange Version 1 Denial of Service Vulnerability	CVE-2018-0159	High	8.6	—
cisco-sa-20180328-qos Cisco IOS and IOS XE Software Quality of Service Remote Code Execution Vulnerability	CVE-2018-0151	Critical	9.8	Cisco IOS and IOS XE Software Quality of Service Remote Code Execution
cisco-sa-20180328-smi Cisco IOS and IOS XE Software Smart Install Denial of Service Vulnerability	CVE-2018-0156	High	8.6	—
cisco-sa-20180328-smi2 Cisco IOS and IOS XE Software Smart Install Remote Code Execution Vulnerability	CVE-2018-0171	Critical	9.8	Cisco IOS and IOS XE Software Smart Install Remote Code Execution, Cisco IOS and IOS XE Software Smart Install Remote Code Execution
cisco-sa-20180328-dos Cisco IOS Software Integrated Services Module for VPN Denial of Service Vulnerability	CVE-2018-0154	High	8.6	—
cisco-sa-20180328-snmp Cisco IOS Software Simple Network Management Protocol GET MIB Object ID Denial of Service Vulnerability	CVE-2018-0161	High	7.7	—
cisco-sa-20180328-ipv4 Cisco IOS XE Software for Cisco Catalyst Switches IPv4 Denial of Service Vulnerability	CVE-2018-0177	High	8.6	—
cisco-sa-20180328-igmp Cisco IOS XE Software Internet Group Management Protocol Memory Leak Vulnerability	CVE-2018-0165	High	7.4	—
cisco-sa-20180328-snmp-dos Cisco IOS XE Software Simple Network Management Protocol Double-Free Denial of Service Vulnerability	CVE-2018-0160	High	7.7	—
cisco-sa-20180328-xesc Cisco IOS XE Software Static Credential Vulnerability	CVE-2018-0150	Critical	9.8	—
cisco-sa-20180328-privesc1 Cisco IOS XE Software User EXEC Mode Root Shell Access Vulnerabilities	CVE-2018-0169 CVE-2018-0176	High	7.8	—
cisco-sa-20180328-xepriv Cisco IOS XE Software Web UI Remote Access Privilege Escalation Vulnerability	CVE-2018-0152	High	8.8	—
cisco-sa-20180328-opendns-dos Cisco IOS XE Software with Cisco Umbrella Integration Denial of Service Vulnerability	CVE-2018-0170	High	8.6	—
cisco-sa-20180328-fwip Cisco IOS XE Software Zone-Based Firewall IP Fragmentation Denial of Service Vulnerability	CVE-2018-0157	High	8.6	—
cisco-sa-20180328-lldp Cisco IOS, IOS XE, and IOS XR Software Link Layer Discovery Protocol Buffer Overflow Vulnerabilities	CVE-2018-0167 CVE-2018-0175	High	8.8	—

Related Resources

Cisco Security Vulnerability Policy
MITRE Common Vulnerabilities and Exposures
Common Vulnerability Scoring System and the Security Impact Rating
Common Vulnerability Scoring System Q & A
Cisco IPS Signature Downloads