製品・ソフトウェアに関する情報

JVN脆弱性詳細

Cisco IOS XE ソフトウェアにおけるバッファエラーの脆弱性

Title	Cisco IOS XE ソフトウェアにおけるバッファエラーの脆弱性
Summary	Cisco IOS XE ソフトウェアには、バッファエラーの脆弱性が存在します。ベンダは、本脆弱性を Bug ID CSCvi25380 として公開しています。
Possible impacts	情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	June 6, 2018, midnight
Registration Date	Aug. 7, 2018, 6:05 p.m.
Last Update	Aug. 7, 2018, 6:05 p.m.

Affected System

シスコシステムズ

Cisco IOS XE Fuji 16.7.1

Cisco IOS XE Fuji 16.8.1

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2018-0315	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0315
National Vulnerability Database (NVD)
2	CVE-2018-0315	https://nvd.nist.gov/vuln/detail/CVE-2018-0315

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-119	https://jvndb.jvn.jp/ja/cwe/CWE-119.html

ベンダー情報

No	Name	URL
Cisco Security Advisory
1	cisco-sa-20180606-aaa	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-aaa

Change Log

No	Changed Details	Date of change
1	[2018年08月07日] 掲載	Aug. 7, 2018, 6:05 p.m.

NVD Vulnerability Information

CVE-2018-0315

Summary	A vulnerability in the authentication, authorization, and accounting (AAA) security services of Cisco IOS XE Software could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device or cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to incorrect memory operations that the affected software performs when the software parses a username during login authentication. An attacker could exploit this vulnerability by attempting to authenticate to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the affected device or cause the affected device to reload, resulting in a DoS condition. This vulnerability affects Cisco devices that are running Cisco IOS XE Software Release Fuji 16.7.1 or Fuji 16.8.1 and are configured to use AAA for login authentication. Cisco Bug IDs: CSCvi25380.
Publication Date	June 7, 2018, 9:29 p.m.
Registration Date	March 1, 2021, 6:36 p.m.
Last Update	Nov. 21, 2024, 12:37 p.m.

Affected software configurations

Related information, measures and tools

No	URL	タグ
1	http://www.securityfocus.com/bid/104410	Third Party Advisory VDB Entry
2	http://www.securityfocus.com/bid/104410	Third Party Advisory VDB Entry
3	http://www.securitytracker.com/id/1041086	Broken Link Third Party Advisory VDB Entry
4	http://www.securitytracker.com/id/1041086	Broken Link Third Party Advisory VDB Entry
5	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-aaa	Vendor Advisory
6	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-aaa	Vendor Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-119	バッファエラー	https://cwe.mitre.org/data/definitions/118.html