CVE-2018-0158

CVE-2018-0158

Vendor N/A

Product Cisco IOS and IOS XE

Weakness CWE-20 · Input validation

KEV Status Known Exploited

Published March 28, 2018

Last update January 12, 2026

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak or a reload of an affected device that leads to a denial of service (DoS) condition. The vulnerability is due to incorrect processing of certain IKEv2 packets. An attacker could exploit this vulnerability by sending crafted IKEv2 packets to an affected device to be processed. A successful exploit could cause an affected device to continuously consume memory and eventually reload, resulting in a DoS condition. Cisco Bug IDs: CSCvf22394.

CISA mandated remediation

02CISA Required Action

Apply updates per vendor instructions.

Key dates

03Disclosure timeline

March 28, 2018 CVE published

January 12, 2026 Record updated

External resources

04References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2018-0158 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/20.html CISA KEV Reference https://nvd.nist.gov/vuln/detail/CVE-2018-0158

Related vulnerabilities

01Description

02CISA Required Action

03Disclosure timeline

04References

05Related CVE