CVE-2018-0484 MEDIUM

CVE-2018-0484: Cisco IOS and IOS XE Software Secure Shell Connection on VRF Vulnerability

Vendor Cisco

Product Cisco IOS

Weakness CWE-284

Published January 10, 2019

Last update November 19, 2024

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality None

Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

A vulnerability in the access control logic of the Secure Shell (SSH) server of Cisco IOS and IOS XE Software may allow connections sourced from a virtual routing and forwarding (VRF) instance despite the absence of the vrf-also keyword in the access-class configuration. The vulnerability is due to a missing check in the SSH server. An attacker could use this vulnerability to open an SSH connection to an affected Cisco IOS or IOS XE device with a source address belonging to a VRF instance. Once connected, the attacker would still need to provide valid credentials to access the device.

Key dates

02Disclosure timeline

January 10, 2019 CVE published

November 19, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2018-0484

Related vulnerabilities

CVE-2018-0484: Cisco IOS and IOS XE Software Secure Shell Connection on VRF Vulnerability

01Description

02Disclosure timeline

03References

04Related CVE