VDB-124886 · CVE-2018-15374 · BID 105415

Cisco IOS XE Digital Signature Verification signature verification

A vulnerability, which was classified as critical, has been found in Cisco IOS XE (Router Operating System) (affected version not known). Affected by this issue is some unknown processing of the component Digital Signature Verification. Upgrading eliminates this vulnerability.

Field10/06/2018 11:04 AM03/30/2020 02:49 PM
typeRouter Operating SystemRouter Operating System
vendorCiscoCisco
nameIOS XEIOS XE
componentDigital Signature VerificationDigital Signature Verification
cwe347 (signature verification)347 (signature verification)
risk22
historic00
cvss2_vuldb_basescore4.14.1
cvss2_vuldb_tempscore3.63.6
cvss2_vuldb_avLL
cvss2_vuldb_acMM
cvss2_vuldb_auSS
cvss2_vuldb_ciPP
cvss2_vuldb_iiPP
cvss2_vuldb_aiPP
cvss2_nvd_avLL
cvss2_nvd_acLL
cvss2_nvd_auNN
cvss2_nvd_ciCC
cvss2_nvd_iiCC
cvss2_nvd_aiCC
cvss3_meta_basescore6.06.0
cvss3_meta_tempscore5.75.7
cvss3_vuldb_basescore5.35.3
cvss3_vuldb_tempscore5.15.1
cvss3_vuldb_avLL
cvss3_vuldb_acLL
cvss3_vuldb_prLL
cvss3_vuldb_uiNN
cvss3_vuldb_sUU
cvss3_vuldb_cLL
cvss3_vuldb_iLL
cvss3_vuldb_aLL
cvss3_nvd_avLL
cvss3_nvd_acLL
cvss3_nvd_prHH
cvss3_nvd_uiNN
cvss3_nvd_sUU
cvss3_nvd_cHH
cvss3_nvd_iHH
cvss3_nvd_aHH
date1538690400 (10/05/2018)1538690400 (10/05/2018)
locationWebsiteWebsite
typeAdvisoryAdvisory
urlhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-digsighttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-digsig
identifiercisco-sa-20180926-digsigcisco-sa-20180926-digsig
price_0day$5k-$25k$5k-$25k
nameUpgradeUpgrade
cveCVE-2018-15374CVE-2018-15374
cve_assigned1534456800 (08/17/2018)1534456800 (08/17/2018)
cve_nvd_published15386976001538697600
cve_nvd_summaryA vulnerability in the Image Verification feature of Cisco IOS XE Software could allow an authenticated, local attacker to install a malicious software image or file on an affected device. The vulnerability is due to the affected software improperly verifying digital signatures for software images and files that are uploaded to a device. An attacker could exploit this vulnerability by uploading a malicious software image or file to an affected device. A successful exploit could allow the attacker to bypass digital signature verification checks for software images and files and install a malicious software image or file on the affected device.A vulnerability in the Image Verification feature of Cisco IOS XE Software could allow an authenticated, local attacker to install a malicious software image or file on an affected device. The vulnerability is due to the affected software improperly verifying digital signatures for software images and files that are uploaded to a device. An attacker could exploit this vulnerability by uploading a malicious software image or file to an affected device. A successful exploit could allow the attacker to bypass digital signature verification checks for software images and files and install a malicious software image or file on the affected device.
oval_idoval:org.cisecurity:def:5799oval:org.cisecurity:def:5799
securityfocus105415105415
securityfocus_titleCisco IOS XE Software CVE-2018-15374 Local Security Bypass VulnerabilityCisco IOS XE Software CVE-2018-15374 Local Security Bypass Vulnerability
qualys_id316332316332
qualys_titleCisco IOS XE Software Digital Signature Verification Bypass Vulnerability(cisco-sa-20180926-digsig)Cisco IOS XE Software Digital Signature Verification Bypass Vulnerability(cisco-sa-20180926-digsig)
seealso124884 124883124884 124883
cvss2_vuldb_eNDND
cvss2_vuldb_rlOFOF
cvss2_vuldb_rcCC
cvss3_vuldb_eXX
cvss3_vuldb_rlOO
cvss3_vuldb_rcCC
0day_days99
cvss3_nvd_basescore6.76.7
discoverydate1537920000
company_nameCisco
securityfocus_date1537920000 (09/26/2018)
securityfocus_classDesign Error

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!