CVE-2018-0159

CVE-2018-0159

Vendor N/A
Product Cisco IOS and IOS XE
Weakness CWE-20 · Input validation
KEV Status Known Exploited
Published March 28, 2018
Last update January 12, 2026
View on NVD All CVEs

CVSS base score

What the vulnerability does

01Description

A vulnerability in the implementation of Internet Key Exchange Version 1 (IKEv1) functionality in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to improper validation of specific IKEv1 packets. An attacker could exploit this vulnerability by sending crafted IKEv1 packets to an affected device during an IKE negotiation. A successful exploit could allow the attacker to cause an affected device to reload, resulting in a DoS condition. Cisco Bug IDs: CSCuj73916.

CISA mandated remediation

02CISA Required Action

Apply updates per vendor instructions.

Key dates

03Disclosure timeline

March 28, 2018 CVE published
January 12, 2026 Record updated

Related vulnerabilities

05Related CVE

CVE-2025-21370 Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability CVE-2026-34442 FreeScout: Host Header Injection Leading to External Resource Loading and Open Redirect in FreeScout CVE-2020-3542 Cisco Webex Training Unauthorized Meeting Join Vulnerability CVE-2021-31376 Junos OS: ACX Series: Packet Forwarding Engine manager (FXPC) process crashes when processing DHCPv6 packets CVE-2023-27491 Envoy forwards invalid Http2/Http3 downstream headers