Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2018-15377 (GCVE-0-2018-15377)
Vulnerability from cvelistv5 – Published: 2018-10-05 14:00 – Updated: 2024-11-26 14:35
VLAI?
EPSS
Summary
A vulnerability in the Cisco Network Plug and Play agent, also referred to as the Cisco Open Plug-n-Play agent, of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak on an affected device. The vulnerability is due to insufficient input validation by the affected software. An attacker could exploit this vulnerability by sending invalid data to the Cisco Network Plug and Play agent on an affected device. A successful exploit could allow the attacker to cause a memory leak on the affected device, which could cause the device to reload.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco IOS Software |
Affected:
n/a
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:54:02.656Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20180926 Cisco IOS and IOS XE Software Plug and Play Agent Memory Leak Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-pnp-memleak"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-094-02"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2018-15377",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-25T18:53:07.530632Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T14:35:06.039Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco IOS Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-09-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Cisco Network Plug and Play agent, also referred to as the Cisco Open Plug-n-Play agent, of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak on an affected device. The vulnerability is due to insufficient input validation by the affected software. An attacker could exploit this vulnerability by sending invalid data to the Cisco Network Plug and Play agent on an affected device. A successful exploit could allow the attacker to cause a memory leak on the affected device, which could cause the device to reload."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-12T20:02:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20180926 Cisco IOS and IOS XE Software Plug and Play Agent Memory Leak Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-pnp-memleak"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-094-02"
}
],
"source": {
"advisory": "cisco-sa-20180926-pnp-memleak",
"defect": [
[
"CSCvi30136"
]
],
"discovery": "UNKNOWN"
},
"title": "Cisco IOS and IOS XE Software Plug and Play Agent Memory Leak Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2018-09-26T16:00:00-0500",
"ID": "CVE-2018-15377",
"STATE": "PUBLIC",
"TITLE": "Cisco IOS and IOS XE Software Plug and Play Agent Memory Leak Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco IOS Software",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the Cisco Network Plug and Play agent, also referred to as the Cisco Open Plug-n-Play agent, of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak on an affected device. The vulnerability is due to insufficient input validation by the affected software. An attacker could exploit this vulnerability by sending invalid data to the Cisco Network Plug and Play agent on an affected device. A successful exploit could allow the attacker to cause a memory leak on the affected device, which could cause the device to reload."
}
]
},
"impact": {
"cvss": {
"baseScore": "6.8",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20180926 Cisco IOS and IOS XE Software Plug and Play Agent Memory Leak Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-pnp-memleak"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-094-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-094-02"
}
]
},
"source": {
"advisory": "cisco-sa-20180926-pnp-memleak",
"defect": [
[
"CSCvi30136"
]
],
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2018-15377",
"datePublished": "2018-10-05T14:00:00Z",
"dateReserved": "2018-08-17T00:00:00",
"dateUpdated": "2024-11-26T14:35:06.039Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:15.7\\\\(3.1s\\\\)m:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4B371D52-242A-4B18-B1B0-728C8A3521E8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:denali-16.3.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BC5B9B8A-ABD0-452D-A384-5CBCD9B8958D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ios:everest-16.5.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"99B5A36C-18B0-4A1B-A1A5-A9E36EC23E0B\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"A vulnerability in the Cisco Network Plug and Play agent, also referred to as the Cisco Open Plug-n-Play agent, of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak on an affected device. The vulnerability is due to insufficient input validation by the affected software. An attacker could exploit this vulnerability by sending invalid data to the Cisco Network Plug and Play agent on an affected device. A successful exploit could allow the attacker to cause a memory leak on the affected device, which could cause the device to reload.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad en el agente Cisco Network Plug and Play tambi\\u00e9n llamado agente Cisco Open Plug-n-Play, de Cisco IOS Software y Cisco IOS XE Software podr\\u00eda permitir que un atacante remoto no autenticado provoque una fuga de memoria en un dispositivo afectado. Esta vulnerabilidad tambi\\u00e9n se debe a la insuficiente validaci\\u00f3n de entrada por parte del software afectado. Un atacante podr\\u00eda explotar esta vulnerabilidad mediante el env\\u00edo de datos inv\\u00e1lidos al agente Cisco Network Plug and Play en un dispositivo afectado. Su explotaci\\u00f3n con \\u00e9xito podr\\u00eda permitir que el atacante provoque una fuga de memoria en el dispositivo afectado, lo que podr\\u00eda provocar el reinicio del dispositivo.\"}]",
"id": "CVE-2018-15377",
"lastModified": "2024-11-21T03:50:39.487",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H\", \"baseScore\": 8.6, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 4.0}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:N/A:C\", \"baseScore\": 7.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2018-10-05T14:29:06.887",
"references": "[{\"url\": \"https://ics-cert.us-cert.gov/advisories/ICSA-19-094-02\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-pnp-memleak\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://ics-cert.us-cert.gov/advisories/ICSA-19-094-02\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-pnp-memleak\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"ykramarz@cisco.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-400\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-401\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2018-15377\",\"sourceIdentifier\":\"psirt@cisco.com\",\"published\":\"2018-10-05T14:29:06.887\",\"lastModified\":\"2024-11-21T03:50:39.487\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability in the Cisco Network Plug and Play agent, also referred to as the Cisco Open Plug-n-Play agent, of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak on an affected device. The vulnerability is due to insufficient input validation by the affected software. An attacker could exploit this vulnerability by sending invalid data to the Cisco Network Plug and Play agent on an affected device. A successful exploit could allow the attacker to cause a memory leak on the affected device, which could cause the device to reload.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad en el agente Cisco Network Plug and Play tambi\u00e9n llamado agente Cisco Open Plug-n-Play, de Cisco IOS Software y Cisco IOS XE Software podr\u00eda permitir que un atacante remoto no autenticado provoque una fuga de memoria en un dispositivo afectado. Esta vulnerabilidad tambi\u00e9n se debe a la insuficiente validaci\u00f3n de entrada por parte del software afectado. Un atacante podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de datos inv\u00e1lidos al agente Cisco Network Plug and Play en un dispositivo afectado. Su explotaci\u00f3n con \u00e9xito podr\u00eda permitir que el atacante provoque una fuga de memoria en el dispositivo afectado, lo que podr\u00eda provocar el reinicio del dispositivo.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H\",\"baseScore\":8.6,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":4.0}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:C\",\"baseScore\":7.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"psirt@cisco.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-401\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:15.7\\\\(3.1s\\\\)m:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B371D52-242A-4B18-B1B0-728C8A3521E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:denali-16.3.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BC5B9B8A-ABD0-452D-A384-5CBCD9B8958D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ios:everest-16.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"99B5A36C-18B0-4A1B-A1A5-A9E36EC23E0B\"}]}]}],\"references\":[{\"url\":\"https://ics-cert.us-cert.gov/advisories/ICSA-19-094-02\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-pnp-memleak\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://ics-cert.us-cert.gov/advisories/ICSA-19-094-02\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-pnp-memleak\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-pnp-memleak\", \"name\": \"20180926 Cisco IOS and IOS XE Software Plug and Play Agent Memory Leak Vulnerability\", \"tags\": [\"vendor-advisory\", \"x_refsource_CISCO\", \"x_transferred\"]}, {\"url\": \"https://ics-cert.us-cert.gov/advisories/ICSA-19-094-02\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-05T09:54:02.656Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2018-15377\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-11-25T18:53:07.530632Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-11-25T18:54:20.439Z\"}}], \"cna\": {\"title\": \"Cisco IOS and IOS XE Software Plug and Play Agent Memory Leak Vulnerability\", \"source\": {\"defect\": [[\"CSCvi30136\"]], \"advisory\": \"cisco-sa-20180926-pnp-memleak\", \"discovery\": \"UNKNOWN\"}, \"affected\": [{\"vendor\": \"Cisco\", \"product\": \"Cisco IOS Software\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"datePublic\": \"2018-09-26T00:00:00\", \"references\": [{\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-pnp-memleak\", \"name\": \"20180926 Cisco IOS and IOS XE Software Plug and Play Agent Memory Leak Vulnerability\", \"tags\": [\"vendor-advisory\", \"x_refsource_CISCO\"]}, {\"url\": \"https://ics-cert.us-cert.gov/advisories/ICSA-19-094-02\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability in the Cisco Network Plug and Play agent, also referred to as the Cisco Open Plug-n-Play agent, of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak on an affected device. The vulnerability is due to insufficient input validation by the affected software. An attacker could exploit this vulnerability by sending invalid data to the Cisco Network Plug and Play agent on an affected device. A successful exploit could allow the attacker to cause a memory leak on the affected device, which could cause the device to reload.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-400\", \"description\": \"CWE-400\"}]}], \"providerMetadata\": {\"orgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"shortName\": \"cisco\", \"dateUpdated\": \"2019-04-12T20:02:00\"}, \"x_legacyV4Record\": {\"impact\": {\"cvss\": {\"version\": \"3.0\", \"baseScore\": \"6.8\"}}, \"source\": {\"defect\": [[\"CSCvi30136\"]], \"advisory\": \"cisco-sa-20180926-pnp-memleak\", \"discovery\": \"UNKNOWN\"}, \"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"n/a\"}]}, \"product_name\": \"Cisco IOS Software\"}]}, \"vendor_name\": \"Cisco\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-pnp-memleak\", \"name\": \"20180926 Cisco IOS and IOS XE Software Plug and Play Agent Memory Leak Vulnerability\", \"refsource\": \"CISCO\"}, {\"url\": \"https://ics-cert.us-cert.gov/advisories/ICSA-19-094-02\", \"name\": \"https://ics-cert.us-cert.gov/advisories/ICSA-19-094-02\", \"refsource\": \"MISC\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"A vulnerability in the Cisco Network Plug and Play agent, also referred to as the Cisco Open Plug-n-Play agent, of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak on an affected device. The vulnerability is due to insufficient input validation by the affected software. An attacker could exploit this vulnerability by sending invalid data to the Cisco Network Plug and Play agent on an affected device. A successful exploit could allow the attacker to cause a memory leak on the affected device, which could cause the device to reload.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"CWE-400\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2018-15377\", \"STATE\": \"PUBLIC\", \"TITLE\": \"Cisco IOS and IOS XE Software Plug and Play Agent Memory Leak Vulnerability\", \"ASSIGNER\": \"psirt@cisco.com\", \"DATE_PUBLIC\": \"2018-09-26T16:00:00-0500\"}}}}",
"cveMetadata": "{\"cveId\": \"CVE-2018-15377\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-11-26T14:35:06.039Z\", \"dateReserved\": \"2018-08-17T00:00:00\", \"assignerOrgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"datePublished\": \"2018-10-05T14:00:00Z\", \"assignerShortName\": \"cisco\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
FKIE_CVE-2018-15377
Vulnerability from fkie_nvd - Published: 2018-10-05 14:29 - Updated: 2024-11-21 03:50
Severity ?
Summary
A vulnerability in the Cisco Network Plug and Play agent, also referred to as the Cisco Open Plug-n-Play agent, of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak on an affected device. The vulnerability is due to insufficient input validation by the affected software. An attacker could exploit this vulnerability by sending invalid data to the Cisco Network Plug and Play agent on an affected device. A successful exploit could allow the attacker to cause a memory leak on the affected device, which could cause the device to reload.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@cisco.com | https://ics-cert.us-cert.gov/advisories/ICSA-19-094-02 | Third Party Advisory, US Government Resource | |
| psirt@cisco.com | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-pnp-memleak | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-19-094-02 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-pnp-memleak | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios:15.7\\(3.1s\\)m:*:*:*:*:*:*:*",
"matchCriteriaId": "4B371D52-242A-4B18-B1B0-728C8A3521E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:denali-16.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "BC5B9B8A-ABD0-452D-A384-5CBCD9B8958D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ios:everest-16.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "99B5A36C-18B0-4A1B-A1A5-A9E36EC23E0B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Cisco Network Plug and Play agent, also referred to as the Cisco Open Plug-n-Play agent, of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak on an affected device. The vulnerability is due to insufficient input validation by the affected software. An attacker could exploit this vulnerability by sending invalid data to the Cisco Network Plug and Play agent on an affected device. A successful exploit could allow the attacker to cause a memory leak on the affected device, which could cause the device to reload."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el agente Cisco Network Plug and Play tambi\u00e9n llamado agente Cisco Open Plug-n-Play, de Cisco IOS Software y Cisco IOS XE Software podr\u00eda permitir que un atacante remoto no autenticado provoque una fuga de memoria en un dispositivo afectado. Esta vulnerabilidad tambi\u00e9n se debe a la insuficiente validaci\u00f3n de entrada por parte del software afectado. Un atacante podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de datos inv\u00e1lidos al agente Cisco Network Plug and Play en un dispositivo afectado. Su explotaci\u00f3n con \u00e9xito podr\u00eda permitir que el atacante provoque una fuga de memoria en el dispositivo afectado, lo que podr\u00eda provocar el reinicio del dispositivo."
}
],
"id": "CVE-2018-15377",
"lastModified": "2024-11-21T03:50:39.487",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-10-05T14:29:06.887",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-094-02"
},
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-pnp-memleak"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-094-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-pnp-memleak"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-401"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CNVD-2018-20777
Vulnerability from cnvd - Published: 2018-10-12
VLAI Severity ?
Title
Cisco IOS Software和IOS XE Software内存泄露漏洞
Description
Cisco IOS Software和IOS XE Software都是美国思科(Cisco)公司为其网络设备开发的操作系统。
Cisco IOS Software和IOS XE Software中的Network Plug and Play代理存在内存泄露漏洞,该漏洞源于受影响的设备未能正确的验证输入,远程攻击者可通过发送无效的数据利用该漏洞造成内存泄露,导致拒绝服务。
Severity
中
Patch Name
Cisco IOS Software和IOS XE Software内存泄露漏洞的补丁
Patch Description
Cisco IOS Software和IOS XE Software都是美国思科(Cisco)公司为其网络设备开发的操作系统。
Cisco IOS Software和IOS XE Software中的Network Plug and Play代理存在内存泄露漏洞,该漏洞源于受影响的设备未能正确的验证输入,远程攻击者可通过发送无效的数据利用该漏洞造成内存泄露,导致拒绝服务。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布了漏洞修复程序,请及时关注更新: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-pnp-memleak
Reference
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-pnp-memleak
Impacted products
| Name | ['Cisco IOS Software', 'Cisco IOS XE Software'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2018-15377"
}
},
"description": "Cisco IOS Software\u548cIOS XE Software\u90fd\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u4e3a\u5176\u7f51\u7edc\u8bbe\u5907\u5f00\u53d1\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nCisco IOS Software\u548cIOS XE Software\u4e2d\u7684Network Plug and Play\u4ee3\u7406\u5b58\u5728\u5185\u5b58\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u53d7\u5f71\u54cd\u7684\u8bbe\u5907\u672a\u80fd\u6b63\u786e\u7684\u9a8c\u8bc1\u8f93\u5165\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u53d1\u9001\u65e0\u6548\u7684\u6570\u636e\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u5185\u5b58\u6cc4\u9732\uff0c\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002",
"discovererName": "Cisco",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-pnp-memleak",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2018-20777",
"openTime": "2018-10-12",
"patchDescription": "Cisco IOS Software\u548cIOS XE Software\u90fd\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u4e3a\u5176\u7f51\u7edc\u8bbe\u5907\u5f00\u53d1\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nCisco IOS Software\u548cIOS XE Software\u4e2d\u7684Network Plug and Play\u4ee3\u7406\u5b58\u5728\u5185\u5b58\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u53d7\u5f71\u54cd\u7684\u8bbe\u5907\u672a\u80fd\u6b63\u786e\u7684\u9a8c\u8bc1\u8f93\u5165\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u53d1\u9001\u65e0\u6548\u7684\u6570\u636e\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u5185\u5b58\u6cc4\u9732\uff0c\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Cisco IOS Software\u548cIOS XE Software\u5185\u5b58\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": [
"Cisco IOS Software",
"Cisco IOS XE Software"
]
},
"referenceLink": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-pnp-memleak",
"serverity": "\u4e2d",
"submitTime": "2018-10-08",
"title": "Cisco IOS Software\u548cIOS XE Software\u5185\u5b58\u6cc4\u9732\u6f0f\u6d1e"
}
GSD-2018-15377
Vulnerability from gsd - Updated: 2023-12-13 01:22Details
A vulnerability in the Cisco Network Plug and Play agent, also referred to as the Cisco Open Plug-n-Play agent, of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak on an affected device. The vulnerability is due to insufficient input validation by the affected software. An attacker could exploit this vulnerability by sending invalid data to the Cisco Network Plug and Play agent on an affected device. A successful exploit could allow the attacker to cause a memory leak on the affected device, which could cause the device to reload.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2018-15377",
"description": "A vulnerability in the Cisco Network Plug and Play agent, also referred to as the Cisco Open Plug-n-Play agent, of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak on an affected device. The vulnerability is due to insufficient input validation by the affected software. An attacker could exploit this vulnerability by sending invalid data to the Cisco Network Plug and Play agent on an affected device. A successful exploit could allow the attacker to cause a memory leak on the affected device, which could cause the device to reload.",
"id": "GSD-2018-15377"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2018-15377"
],
"details": "A vulnerability in the Cisco Network Plug and Play agent, also referred to as the Cisco Open Plug-n-Play agent, of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak on an affected device. The vulnerability is due to insufficient input validation by the affected software. An attacker could exploit this vulnerability by sending invalid data to the Cisco Network Plug and Play agent on an affected device. A successful exploit could allow the attacker to cause a memory leak on the affected device, which could cause the device to reload.",
"id": "GSD-2018-15377",
"modified": "2023-12-13T01:22:24.043920Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2018-09-26T16:00:00-0500",
"ID": "CVE-2018-15377",
"STATE": "PUBLIC",
"TITLE": "Cisco IOS and IOS XE Software Plug and Play Agent Memory Leak Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco IOS Software",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the Cisco Network Plug and Play agent, also referred to as the Cisco Open Plug-n-Play agent, of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak on an affected device. The vulnerability is due to insufficient input validation by the affected software. An attacker could exploit this vulnerability by sending invalid data to the Cisco Network Plug and Play agent on an affected device. A successful exploit could allow the attacker to cause a memory leak on the affected device, which could cause the device to reload."
}
]
},
"impact": {
"cvss": {
"baseScore": "6.8",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20180926 Cisco IOS and IOS XE Software Plug and Play Agent Memory Leak Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-pnp-memleak"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-094-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-094-02"
}
]
},
"source": {
"advisory": "cisco-sa-20180926-pnp-memleak",
"defect": [
[
"CSCvi30136"
]
],
"discovery": "UNKNOWN"
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.7\\(3.1s\\)m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:denali-16.3.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:everest-16.5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2018-15377"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "A vulnerability in the Cisco Network Plug and Play agent, also referred to as the Cisco Open Plug-n-Play agent, of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak on an affected device. The vulnerability is due to insufficient input validation by the affected software. An attacker could exploit this vulnerability by sending invalid data to the Cisco Network Plug and Play agent on an affected device. A successful exploit could allow the attacker to cause a memory leak on the affected device, which could cause the device to reload."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-401"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20180926 Cisco IOS and IOS XE Software Plug and Play Agent Memory Leak Vulnerability",
"refsource": "CISCO",
"tags": [
"Vendor Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-pnp-memleak"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-094-02",
"refsource": "MISC",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-094-02"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0
}
},
"lastModifiedDate": "2020-08-31T20:00Z",
"publishedDate": "2018-10-05T14:29Z"
}
}
}
VAR-201810-0569
Vulnerability from variot - Updated: 2024-01-18 22:29A vulnerability in the Cisco Network Plug and Play agent, also referred to as the Cisco Open Plug-n-Play agent, of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak on an affected device. The vulnerability is due to insufficient input validation by the affected software. An attacker could exploit this vulnerability by sending invalid data to the Cisco Network Plug and Play agent on an affected device. A successful exploit could allow the attacker to cause a memory leak on the affected device, which could cause the device to reload. plural Cisco IOS The product is vulnerable to resource exhaustion.Service operation interruption (DoS) There is a possibility of being put into a state. This issue is being tracked by Cisco Bug ID CSCvi30136
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201810-0569",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ios",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "everest-16.5.1"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "15.7\\(3.1s\\)m"
},
{
"model": "ios",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "denali-16.3.6"
},
{
"model": "ios",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "ios software",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios xe software",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "asr series route processor",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "10000"
},
{
"model": "automation allen-bradley stratix 15.2 e0a",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "5700"
},
{
"model": "automation allen-bradley stratix 15.2 ea.fc4",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "5700"
},
{
"model": "automation allen-bradley stratix 15.2 e1",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "5410"
},
{
"model": "automation allen-bradley stratix 15.2 e0a",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "5410"
},
{
"model": "automation allen-bradley stratix 15.2 ea.fc4",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "5410"
},
{
"model": "automation allen-bradley stratix 15.2 ea3",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "5410"
},
{
"model": "automation allen-bradley stratix 15.2 eb",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "5410"
},
{
"model": "automation allen-bradley stratix 15.2 e1",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "5400"
},
{
"model": "automation allen-bradley stratix 15.2 e0a",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "5400"
},
{
"model": "automation allen-bradley stratix 15.2 ea.fc4",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "5400"
},
{
"model": "automation allen-bradley stratix 15.2 ea3",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "5400"
},
{
"model": "automation allen-bradley stratix 15.2 eb",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "5400"
},
{
"model": "automation allen-bradley stratix 15.2 ea1",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "5400"
},
{
"model": "automation allen-bradley armorstratix 15.2 e0a",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "5700"
},
{
"model": "automation allen-bradley armorstratix 15.2 ea.fc4",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "5700"
},
{
"model": "automation allen-bradley stratix 15.2 ea3",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwall",
"version": "5700"
},
{
"model": "ncs",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "42160"
},
{
"model": "ncs",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "42060"
},
{
"model": "ncs",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "42020"
},
{
"model": "ncs",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "42010"
},
{
"model": "ios xe software denali",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "16.3.6"
},
{
"model": "ios xe software everest-16.5.1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios 15.7 m",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "cloud services router",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1000v0"
},
{
"model": "cbr-8 converged broadband router",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "catalyst c3850-12x48u-s switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "catalyst c3850-12x48u-l switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "catalyst c3850-12x48u-e switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "catalyst 3850-48xs-s switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "catalyst 3850-48xs-f-s switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "catalyst 3850-48xs-f-e switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "catalyst 3850-48xs-e switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "catalyst 3850-48u-s switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "catalyst 3850-48u-l switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "catalyst 3850-48u-e switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "catalyst 3850-48t-s switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "catalyst 3850-48t-l switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "catalyst 3850-48t-e switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "catalyst 3850-48p-s switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "catalyst 3850-48p-l switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "catalyst 3850-48p-e switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "catalyst 3850-48f-s switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "catalyst 3850-48f-l switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "catalyst 3850-48f-e switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "catalyst 3850-32xs-s switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "catalyst 3850-32xs-e switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "catalyst 3850-24xu-s switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "catalyst 3850-24xu-l switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "catalyst 3850-24xu-e switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "catalyst 3850-24xs-s switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "catalyst 3850-24xs-e switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "catalyst 3850-24u-s switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "catalyst 3850-24u-l switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "catalyst 3850-24u-e switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "catalyst 3850-24t-s switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "catalyst 3850-24t-l switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "catalyst 3850-24t-e switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "catalyst 3850-24s-s switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "catalyst 3850-24s-e switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "catalyst 3850-24p-s switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "catalyst 3850-24p-l switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "catalyst 3850-24p-e switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "catalyst 3850-16xs-s switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "catalyst 3850-16xs-e switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "catalyst 3850-12xs-s switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "catalyst 3850-12xs-e switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "catalyst 3850-12s-s switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "catalyst 3850-12s-e switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "catalyst 3650-8x24uq-s switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "catalyst 3650-8x24uq-l switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "catalyst 3650-8x24uq-e switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "catalyst 3650-8x24pd-s switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "catalyst 3650-8x24pd-l switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "catalyst 3650-8x24pd-e switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "catalyst 3650-48ts-s switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "catalyst 3650-48ts-l switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "catalyst 3650-48ts-e switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "catalyst 3650-48tq-s switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "catalyst 3650-48tq-l switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "catalyst 3650-48tq-e switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "catalyst 3650-48td-s switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "catalyst 3650-48td-l switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "catalyst 3650-48td-e switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "catalyst 3650-48ps-s switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "catalyst 3650-48ps-l switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "catalyst 3650-48ps-e switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "catalyst 3650-48pq-s switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "catalyst 3650-48pq-l switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "catalyst 3650-48pq-e switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "catalyst 3650-48pd-s switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "catalyst 3650-48pd-l switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "catalyst 3650-48pd-e switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "catalyst 3650-48fs-s switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "catalyst 3650-48fs-l switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "catalyst 3650-48fs-e switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "catalyst 3650-48fqm-s switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "catalyst 3650-48fqm-l switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "catalyst 3650-48fqm-e switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "catalyst 3650-48fq-s switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "catalyst 3650-48fq-l switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "catalyst 3650-48fq-e switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "catalyst 3650-48fd-s switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "catalyst 3650-48fd-l switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "catalyst 3650-48fd-e switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "catalyst 3650-24ts-s switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "catalyst 3650-24ts-l switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "catalyst 3650-24ts-e switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "catalyst 3650-24td-s switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "catalyst 3650-24td-l switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "catalyst 3650-24td-e switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "catalyst 3650-24ps-s switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "catalyst 3650-24ps-l switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "catalyst 3650-24ps-e switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "catalyst 3650-24pdm-s switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "catalyst 3650-24pdm-l switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "catalyst 3650-24pdm-e switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "catalyst 3650-24pd-s switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "catalyst 3650-24pd-l switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "catalyst 3650-24pd-e switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "catalyst 3650-12x48uz-s switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "catalyst 3650-12x48uz-l switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "catalyst 3650-12x48uz-e switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "catalyst 3650-12x48ur-s switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "catalyst 3650-12x48ur-l switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "catalyst 3650-12x48ur-e switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "catalyst 3650-12x48uq-s switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "catalyst 3650-12x48uq-l switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "catalyst 3650-12x48uq-e switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "catalyst 3650-12x48fd-s switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "catalyst 3650-12x48fd-l switch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "asr 920-4sz-d router",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "asr 920-4sz-a router",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "asr 920-24tz-m router",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "asr 920-24sz-m router",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "asr 920-24sz-im router",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "asr 920-12sz-im router",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "asr 920-12cz-d router",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "asr 920-12cz-a router",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "asr 920-10sz-pd router",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "asr route switch processor",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "90030"
},
{
"model": "asr route switch processor",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "90020"
},
{
"model": "asr router",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1002-x0"
},
{
"model": "asr 1002-hx router",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "asr router",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1001-x0"
},
{
"model": "asr 1001-hx router",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "integrated services router",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4451-x0"
},
{
"model": "integrated services router",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "44310"
},
{
"model": "integrated services router",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "43510"
},
{
"model": "integrated services router",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "43310"
},
{
"model": "integrated services router",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "43210"
},
{
"model": "automation allen-bradley stratix 15.2 e2a",
"scope": "ne",
"trust": 0.3,
"vendor": "rockwell",
"version": "5700"
},
{
"model": "automation allen-bradley stratix 15.2 e2a",
"scope": "ne",
"trust": 0.3,
"vendor": "rockwell",
"version": "5410"
},
{
"model": "automation allen-bradley stratix 15.2 e2a",
"scope": "ne",
"trust": 0.3,
"vendor": "rockwell",
"version": "5400"
},
{
"model": "automation allen-bradley armorstratix 15.2 e2a",
"scope": "ne",
"trust": 0.3,
"vendor": "rockwell",
"version": "5700"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20777"
},
{
"db": "BID",
"id": "107775"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011566"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1263"
},
{
"db": "NVD",
"id": "CVE-2018-15377"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:15.7\\(3.1s\\)m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:denali-16.3.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios:everest-16.5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-15377"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Rockwell Automation reported this vulnerability to NCCIC.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-1263"
}
],
"trust": 0.6
},
"cve": "CVE-2018-15377",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.8,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-15377",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 5.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 4.9,
"id": "CNVD-2018-20777",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-125630",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 4.0,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.6,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-15377",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-15377",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2018-20777",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201809-1263",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-125630",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2018-15377",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20777"
},
{
"db": "VULHUB",
"id": "VHN-125630"
},
{
"db": "VULMON",
"id": "CVE-2018-15377"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011566"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1263"
},
{
"db": "NVD",
"id": "CVE-2018-15377"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the Cisco Network Plug and Play agent, also referred to as the Cisco Open Plug-n-Play agent, of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak on an affected device. The vulnerability is due to insufficient input validation by the affected software. An attacker could exploit this vulnerability by sending invalid data to the Cisco Network Plug and Play agent on an affected device. A successful exploit could allow the attacker to cause a memory leak on the affected device, which could cause the device to reload. plural Cisco IOS The product is vulnerable to resource exhaustion.Service operation interruption (DoS) There is a possibility of being put into a state. \nThis issue is being tracked by Cisco Bug ID CSCvi30136",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-15377"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011566"
},
{
"db": "CNVD",
"id": "CNVD-2018-20777"
},
{
"db": "BID",
"id": "107775"
},
{
"db": "VULHUB",
"id": "VHN-125630"
},
{
"db": "VULMON",
"id": "CVE-2018-15377"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-15377",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-19-094-02",
"trust": 2.9
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011566",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1263",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-20777",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.1153",
"trust": 0.6
},
{
"db": "BID",
"id": "107775",
"trust": 0.3
},
{
"db": "VULHUB",
"id": "VHN-125630",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-15377",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20777"
},
{
"db": "VULHUB",
"id": "VHN-125630"
},
{
"db": "VULMON",
"id": "CVE-2018-15377"
},
{
"db": "BID",
"id": "107775"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011566"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1263"
},
{
"db": "NVD",
"id": "CVE-2018-15377"
}
]
},
"id": "VAR-201810-0569",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20777"
},
{
"db": "VULHUB",
"id": "VHN-125630"
}
],
"trust": 1.30441718
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20777"
}
]
},
"last_update_date": "2024-01-18T22:29:56.586000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20180926-pnp-memleak",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180926-pnp-memleak"
},
{
"title": "Patch for Cisco IOS Software and IOSXESoftware Memory Leak Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/142191"
},
{
"title": "Cisco IOS Software and IOS XE Software Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=85272"
},
{
"title": "Cisco: Cisco IOS and IOS XE Software Plug and Play Agent Memory Leak Vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20180926-pnp-memleak"
},
{
"title": "VSCAN",
"trust": 0.1,
"url": "https://github.com/lucabrasi83/vscan "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20777"
},
{
"db": "VULMON",
"id": "CVE-2018-15377"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011566"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1263"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-401",
"trust": 1.1
},
{
"problemtype": "CWE-400",
"trust": 0.9
},
{
"problemtype": "CWE-20",
"trust": 0.1
},
{
"problemtype": "CWE-772",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-125630"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011566"
},
{
"db": "NVD",
"id": "CVE-2018-15377"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.6,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-094-02"
},
{
"trust": 2.8,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180926-pnp-memleak"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-15377"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-15377"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/78478"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/401.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/lucabrasi83/vscan"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20777"
},
{
"db": "VULHUB",
"id": "VHN-125630"
},
{
"db": "VULMON",
"id": "CVE-2018-15377"
},
{
"db": "BID",
"id": "107775"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011566"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1263"
},
{
"db": "NVD",
"id": "CVE-2018-15377"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-20777"
},
{
"db": "VULHUB",
"id": "VHN-125630"
},
{
"db": "VULMON",
"id": "CVE-2018-15377"
},
{
"db": "BID",
"id": "107775"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011566"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1263"
},
{
"db": "NVD",
"id": "CVE-2018-15377"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-20777"
},
{
"date": "2018-10-05T00:00:00",
"db": "VULHUB",
"id": "VHN-125630"
},
{
"date": "2018-10-05T00:00:00",
"db": "VULMON",
"id": "CVE-2018-15377"
},
{
"date": "2018-09-26T00:00:00",
"db": "BID",
"id": "107775"
},
{
"date": "2019-01-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-011566"
},
{
"date": "2018-09-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-1263"
},
{
"date": "2018-10-05T14:29:06.887000",
"db": "NVD",
"id": "CVE-2018-15377"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-20777"
},
{
"date": "2020-08-31T00:00:00",
"db": "VULHUB",
"id": "VHN-125630"
},
{
"date": "2020-08-31T00:00:00",
"db": "VULMON",
"id": "CVE-2018-15377"
},
{
"date": "2018-09-26T00:00:00",
"db": "BID",
"id": "107775"
},
{
"date": "2019-04-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-011566"
},
{
"date": "2020-10-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-1263"
},
{
"date": "2020-08-31T20:00:52.937000",
"db": "NVD",
"id": "CVE-2018-15377"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-1263"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Cisco IOS Product depletion vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-011566"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-1263"
}
],
"trust": 0.6
}
}
GHSA-88PH-QQ7Q-P3QV
Vulnerability from github – Published: 2022-05-13 01:17 – Updated: 2022-05-13 01:17
VLAI?
Details
A vulnerability in the Cisco Network Plug and Play agent, also referred to as the Cisco Open Plug-n-Play agent, of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak on an affected device. The vulnerability is due to insufficient input validation by the affected software. An attacker could exploit this vulnerability by sending invalid data to the Cisco Network Plug and Play agent on an affected device. A successful exploit could allow the attacker to cause a memory leak on the affected device, which could cause the device to reload.
Severity ?
8.6 (High)
{
"affected": [],
"aliases": [
"CVE-2018-15377"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-10-05T14:29:00Z",
"severity": "HIGH"
},
"details": "A vulnerability in the Cisco Network Plug and Play agent, also referred to as the Cisco Open Plug-n-Play agent, of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak on an affected device. The vulnerability is due to insufficient input validation by the affected software. An attacker could exploit this vulnerability by sending invalid data to the Cisco Network Plug and Play agent on an affected device. A successful exploit could allow the attacker to cause a memory leak on the affected device, which could cause the device to reload.",
"id": "GHSA-88ph-qq7q-p3qv",
"modified": "2022-05-13T01:17:46Z",
"published": "2022-05-13T01:17:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-15377"
},
{
"type": "WEB",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-094-02"
},
{
"type": "WEB",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-pnp-memleak"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
CISCO-SA-20180926-PNP-MEMLEAK
Vulnerability from csaf_cisco - Published: 2018-09-26 16:00 - Updated: 2018-09-26 16:00Summary
Cisco IOS and IOS XE Software Plug and Play Agent Memory Leak Vulnerability
Notes
Summary
A vulnerability in the Cisco Network Plug and Play agent, also referred to as the Cisco Open Plug-n-Play agent, of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak on an affected device.
The vulnerability is due to insufficient input validation by the affected software. An attacker could exploit this vulnerability by sending invalid data to the Cisco Network Plug and Play agent on an affected device. A successful exploit could allow the attacker to cause a memory leak on the affected device, which could cause the device to reload.
There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-pnp-memleak ["https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-pnp-memleak"]
Vulnerable Products
This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS Software or Cisco IOS XE Software.
For information about which Cisco IOS and IOS XE Software releases are vulnerable, see the Fixed Software ["#fs"] section of this advisory.
Determining the Cisco IOS Software Release
To determine which Cisco IOS Software release is running on a device, administrators can log in to the device, use the show version command in the CLI, and then refer to the system banner that appears. If the device is running Cisco IOS Software, the system banner displays text similar to Cisco Internetwork Operating System Software or Cisco IOS Software. The banner also displays the installed image name in parentheses, followed by the Cisco IOS Software release number and release name. Some Cisco devices do not support the show version command or may provide different output.
The following example shows the output of the command for a device that is running Cisco IOS Software Release 15.5(2)T1 and has an installed image name of C2951-UNIVERSALK9-M:
Router> show version
Cisco IOS Software, C2951 Software (C2951-UNIVERSALK9-M), Version 15.5(2)T1, RELEASE SOFTWARE (fc1) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2015 by Cisco Systems, Inc. Compiled Mon 22-Jun-15 09:32 by prod_rel_team . . .
For information about the naming and numbering conventions for Cisco IOS Software releases, see the Cisco IOS and NX-OS Software Reference Guide ["https://www.cisco.com/c/en/us/about/security-center/ios-nx-os-reference-guide.html"].
Determining the Cisco IOS XE Software Release
To determine which Cisco IOS XE Software release is running on a device, administrators can log in to the device, use the show version command in the CLI, and then refer to the system banner that appears. If the device is running Cisco IOS XE Software, the system banner displays Cisco IOS Software, Cisco IOS XE Software, or similar text.
The following example shows the output of the command for a device that is running Cisco IOS XE Software Release 16.2.1 and has an installed image name of CAT3K_CAA-UNIVERSALK9-M:
ios-xe-device# show version
Cisco IOS Software, Catalyst L3 Switch Software (CAT3K_CAA-UNIVERSALK9-M), Version Denali 16.2.1, RELEASE SOFTWARE (fc1) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2016 by Cisco Systems, Inc. Compiled Sun 27-Mar-16 21:47 by mcpre . . .
For information about the naming and numbering conventions for Cisco IOS XE Software releases, see the Cisco IOS and NX-OS Software Reference Guide ["https://www.cisco.com/c/en/us/about/security-center/ios-nx-os-reference-guide.html"].
Products Confirmed Not Vulnerable
Only products listed in the Vulnerable Products ["#vp"] section of this advisory are known to be affected by this vulnerability.
Cisco has confirmed that this vulnerability does not affect Cisco IOS XR Software or Cisco NX-OS Software.
Workarounds
There are no workarounds that address this vulnerability.
Fixed Software
For detailed information about affected and fixed software releases, consult the Cisco IOS Software Checker.
When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories and Alerts page ["https://www.cisco.com/go/psirt"], to determine exposure and a complete upgrade solution.
In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.
Cisco IOS and IOS XE Software
To help customers determine their exposure to vulnerabilities in Cisco IOS and IOS XE Software, Cisco provides a tool, the Cisco IOS Software Checker ["https://sec.cloudapps.cisco.com/security/center/softwarechecker.x"], that identifies any Cisco Security Advisories that impact a specific software release and the earliest release that fixes the vulnerabilities described in each advisory (“First Fixed”). If applicable, the tool also returns the earliest release that fixes all the vulnerabilities described in all the advisories identified (“Combined First Fixed”).
Customers can use this tool to perform the following tasks:
Initiate a search by choosing one or more releases from a drop-down list or uploading a file from a local system for the tool to parse
Enter the output of the show version command for the tool to parse
Create a custom search by including all previously published Cisco Security Advisories, a specific advisory, or all advisories in the most recent bundled publication
To determine whether a release is affected by any published Cisco Security Advisory, use the Cisco IOS Software Checker ["https://sec.cloudapps.cisco.com/security/center/softwarechecker.x"] on Cisco.com or enter a Cisco IOS or IOS XE Software release—for example, 15.1(4)M2 or 3.13.8S—in the following field:
By default, the Cisco IOS Software Checker includes results only for vulnerabilities that have a Critical or High Security Impact Rating (SIR). To include results for Medium SIR vulnerabilities, use the Cisco IOS Software Checker on Cisco.com and check the Medium check box in the Impact Rating drop-down list.
Vulnerability Policy
To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy ["https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html"]. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.
Exploitation and Public Announcements
The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.
Source
This vulnerability was found during the resolution of a Cisco TAC support case.
Legal Disclaimer
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.
A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.
{
"document": {
"acknowledgments": [
{
"summary": "This vulnerability was found during the resolution of a Cisco TAC support case."
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"notes": [
{
"category": "summary",
"text": "A vulnerability in the Cisco Network Plug and Play agent, also referred to as the Cisco Open Plug-n-Play agent, of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak on an affected device.\r\n\r\nThe vulnerability is due to insufficient input validation by the affected software. An attacker could exploit this vulnerability by sending invalid data to the Cisco Network Plug and Play agent on an affected device. A successful exploit could allow the attacker to cause a memory leak on the affected device, which could cause the device to reload.\r\n\r\nThere are no workarounds that address this vulnerability.\r\n\r\nThis advisory is available at the following link:\r\nhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-pnp-memleak [\"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-pnp-memleak\"]",
"title": "Summary"
},
{
"category": "general",
"text": "This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS Software or Cisco IOS XE Software.\r\n\r\nFor information about which Cisco IOS and IOS XE Software releases are vulnerable, see the Fixed Software [\"#fs\"] section of this advisory.\r\n Determining the Cisco IOS Software Release\r\nTo determine which Cisco IOS Software release is running on a device, administrators can log in to the device, use the show version command in the CLI, and then refer to the system banner that appears. If the device is running Cisco IOS Software, the system banner displays text similar to Cisco Internetwork Operating System Software or Cisco IOS Software. The banner also displays the installed image name in parentheses, followed by the Cisco IOS Software release number and release name. Some Cisco devices do not support the show version command or may provide different output.\r\n\r\nThe following example shows the output of the command for a device that is running Cisco IOS Software Release 15.5(2)T1 and has an installed image name of C2951-UNIVERSALK9-M:\r\n\r\n\r\nRouter\u003e show version\r\n Cisco IOS Software, C2951 Software (C2951-UNIVERSALK9-M), Version 15.5(2)T1, RELEASE SOFTWARE (fc1) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2015 by Cisco Systems, Inc. Compiled Mon 22-Jun-15 09:32 by prod_rel_team . . .\r\n\r\nFor information about the naming and numbering conventions for Cisco IOS Software releases, see the Cisco IOS and NX-OS Software Reference Guide [\"https://www.cisco.com/c/en/us/about/security-center/ios-nx-os-reference-guide.html\"].\r\nDetermining the Cisco IOS XE Software Release\r\nTo determine which Cisco IOS XE Software release is running on a device, administrators can log in to the device, use the show version command in the CLI, and then refer to the system banner that appears. If the device is running Cisco IOS XE Software, the system banner displays Cisco IOS Software, Cisco IOS XE Software, or similar text.\r\n\r\nThe following example shows the output of the command for a device that is running Cisco IOS XE Software Release 16.2.1 and has an installed image name of CAT3K_CAA-UNIVERSALK9-M:\r\n\r\n\r\nios-xe-device# show version\r\n Cisco IOS Software, Catalyst L3 Switch Software (CAT3K_CAA-UNIVERSALK9-M), Version Denali 16.2.1, RELEASE SOFTWARE (fc1) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2016 by Cisco Systems, Inc. Compiled Sun 27-Mar-16 21:47 by mcpre . . .\r\n\r\nFor information about the naming and numbering conventions for Cisco IOS XE Software releases, see the Cisco IOS and NX-OS Software Reference Guide [\"https://www.cisco.com/c/en/us/about/security-center/ios-nx-os-reference-guide.html\"].",
"title": "Vulnerable Products"
},
{
"category": "general",
"text": "Only products listed in the Vulnerable Products [\"#vp\"] section of this advisory are known to be affected by this vulnerability.\r\n\r\nCisco has confirmed that this vulnerability does not affect Cisco IOS XR Software or Cisco NX-OS Software.",
"title": "Products Confirmed Not Vulnerable"
},
{
"category": "general",
"text": "There are no workarounds that address this vulnerability.",
"title": "Workarounds"
},
{
"category": "general",
"text": "For detailed information about affected and fixed software releases, consult the Cisco IOS Software Checker.\r\n\r\nWhen considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories and Alerts page [\"https://www.cisco.com/go/psirt\"], to determine exposure and a complete upgrade solution.\r\n\r\nIn all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.\r\n Cisco IOS and IOS XE Software\r\nTo help customers determine their exposure to vulnerabilities in Cisco IOS and IOS XE Software, Cisco provides a tool, the Cisco IOS Software Checker [\"https://sec.cloudapps.cisco.com/security/center/softwarechecker.x\"], that identifies any Cisco Security Advisories that impact a specific software release and the earliest release that fixes the vulnerabilities described in each advisory (\u201cFirst Fixed\u201d). If applicable, the tool also returns the earliest release that fixes all the vulnerabilities described in all the advisories identified (\u201cCombined First Fixed\u201d).\r\n\r\nCustomers can use this tool to perform the following tasks:\r\n\r\nInitiate a search by choosing one or more releases from a drop-down list or uploading a file from a local system for the tool to parse\r\nEnter the output of the show version command for the tool to parse\r\nCreate a custom search by including all previously published Cisco Security Advisories, a specific advisory, or all advisories in the most recent bundled publication\r\n\r\nTo determine whether a release is affected by any published Cisco Security Advisory, use the Cisco IOS Software Checker [\"https://sec.cloudapps.cisco.com/security/center/softwarechecker.x\"] on Cisco.com or enter a Cisco IOS or IOS XE Software release\u2014for example, 15.1(4)M2 or 3.13.8S\u2014in the following field:\r\n\r\n\r\n\r\nBy default, the Cisco IOS Software Checker includes results only for vulnerabilities that have a Critical or High Security Impact Rating (SIR). To include results for Medium SIR vulnerabilities, use the Cisco IOS Software Checker on Cisco.com and check the Medium check box in the Impact Rating drop-down list.",
"title": "Fixed Software"
},
{
"category": "general",
"text": "To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy [\"https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html\"]. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.",
"title": "Vulnerability Policy"
},
{
"category": "general",
"text": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
"title": "Exploitation and Public Announcements"
},
{
"category": "general",
"text": "This vulnerability was found during the resolution of a Cisco TAC support case.",
"title": "Source"
},
{
"category": "legal_disclaimer",
"text": "THIS DOCUMENT IS PROVIDED ON AN \"AS IS\" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.\r\n\r\nA standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.",
"title": "Legal Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "Emergency Support:\r\n+1 877 228 7302 (toll-free within North America)\r\n+1 408 525 6532 (International direct-dial)\r\nNon-emergency Support:\r\nEmail: psirt@cisco.com\r\nSupport requests that are received via e-mail are typically acknowledged within 48 hours.",
"issuing_authority": "Cisco product security incident response is the responsibility of the Cisco Product Security Incident Response Team (PSIRT). The Cisco PSIRT is a dedicated, global team that manages the receipt, investigation, and public reporting of security vulnerability information that is related to Cisco products and networks. The on-call Cisco PSIRT works 24x7 with Cisco customers, independent security researchers, consultants, industry organizations, and other vendors to identify possible security issues with Cisco products and networks.\r\nMore information can be found in Cisco Security Vulnerability Policy available at https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html",
"name": "Cisco",
"namespace": "https://wwww.cisco.com"
},
"references": [
{
"category": "self",
"summary": "Cisco IOS and IOS XE Software Plug and Play Agent Memory Leak Vulnerability",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-pnp-memleak"
},
{
"category": "external",
"summary": "Cisco Security Vulnerability Policy",
"url": "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html"
},
{
"category": "external",
"summary": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-pnp-memleak",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-pnp-memleak"
},
{
"category": "external",
"summary": "Cisco IOS and NX-OS Software Reference Guide",
"url": "https://www.cisco.com/c/en/us/about/security-center/ios-nx-os-reference-guide.html"
},
{
"category": "external",
"summary": "Cisco IOS and NX-OS Software Reference Guide",
"url": "https://www.cisco.com/c/en/us/about/security-center/ios-nx-os-reference-guide.html"
},
{
"category": "external",
"summary": "Cisco Security Advisories and Alerts page",
"url": "https://www.cisco.com/go/psirt"
},
{
"category": "external",
"summary": "Cisco\u0026nbsp;IOS Software Checker",
"url": "https://sec.cloudapps.cisco.com/security/center/softwarechecker.x"
},
{
"category": "external",
"summary": "Cisco\u0026nbsp;IOS Software Checker",
"url": "https://sec.cloudapps.cisco.com/security/center/softwarechecker.x"
},
{
"category": "external",
"summary": "Security Vulnerability Policy",
"url": "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html"
}
],
"title": "Cisco IOS and IOS XE Software Plug and Play Agent Memory Leak Vulnerability",
"tracking": {
"current_release_date": "2018-09-26T16:00:00+00:00",
"generator": {
"date": "2022-09-03T03:31:52+00:00",
"engine": {
"name": "TVCE"
}
},
"id": "cisco-sa-20180926-pnp-memleak",
"initial_release_date": "2018-09-26T16:00:00+00:00",
"revision_history": [
{
"date": "2018-09-26T15:05:36+00:00",
"number": "1.0.0",
"summary": "Initial public release."
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"branches": [
{
"category": "service_pack",
"name": "15.2(4)E",
"product": {
"name": "15.2(4)E",
"product_id": "CSAFPID-204108"
}
},
{
"category": "service_pack",
"name": "15.2(4)E1",
"product": {
"name": "15.2(4)E1",
"product_id": "CSAFPID-209887"
}
},
{
"category": "service_pack",
"name": "15.2(4)E2",
"product": {
"name": "15.2(4)E2",
"product_id": "CSAFPID-213610"
}
},
{
"category": "service_pack",
"name": "15.2(4m)E1",
"product": {
"name": "15.2(4m)E1",
"product_id": "CSAFPID-214072"
}
},
{
"category": "service_pack",
"name": "15.2(5)E",
"product": {
"name": "15.2(5)E",
"product_id": "CSAFPID-214556"
}
},
{
"category": "service_pack",
"name": "15.2(4)E3",
"product": {
"name": "15.2(4)E3",
"product_id": "CSAFPID-217805"
}
},
{
"category": "service_pack",
"name": "15.2(5a)E",
"product": {
"name": "15.2(5a)E",
"product_id": "CSAFPID-218995"
}
},
{
"category": "service_pack",
"name": "15.2(5)E1",
"product": {
"name": "15.2(5)E1",
"product_id": "CSAFPID-220441"
}
},
{
"category": "service_pack",
"name": "15.2(5b)E",
"product": {
"name": "15.2(5b)E",
"product_id": "CSAFPID-220457"
}
},
{
"category": "service_pack",
"name": "15.2(4m)E3",
"product": {
"name": "15.2(4m)E3",
"product_id": "CSAFPID-220664"
}
},
{
"category": "service_pack",
"name": "15.2(5c)E",
"product": {
"name": "15.2(5c)E",
"product_id": "CSAFPID-221137"
}
},
{
"category": "service_pack",
"name": "15.2(4n)E2",
"product": {
"name": "15.2(4n)E2",
"product_id": "CSAFPID-222500"
}
},
{
"category": "service_pack",
"name": "15.2(4o)E2",
"product": {
"name": "15.2(4o)E2",
"product_id": "CSAFPID-222924"
}
},
{
"category": "service_pack",
"name": "15.2(5a)E1",
"product": {
"name": "15.2(5a)E1",
"product_id": "CSAFPID-223143"
}
},
{
"category": "service_pack",
"name": "15.2(4)E4",
"product": {
"name": "15.2(4)E4",
"product_id": "CSAFPID-224553"
}
},
{
"category": "service_pack",
"name": "15.2(5)E2",
"product": {
"name": "15.2(5)E2",
"product_id": "CSAFPID-225740"
}
},
{
"category": "service_pack",
"name": "15.2(4p)E1",
"product": {
"name": "15.2(4p)E1",
"product_id": "CSAFPID-226077"
}
},
{
"category": "service_pack",
"name": "15.2(6)E",
"product": {
"name": "15.2(6)E",
"product_id": "CSAFPID-227598"
}
},
{
"category": "service_pack",
"name": "15.2(4)E5",
"product": {
"name": "15.2(4)E5",
"product_id": "CSAFPID-227959"
}
},
{
"category": "service_pack",
"name": "15.2(5)E2c",
"product": {
"name": "15.2(5)E2c",
"product_id": "CSAFPID-228151"
}
},
{
"category": "service_pack",
"name": "15.2(4m)E2",
"product": {
"name": "15.2(4m)E2",
"product_id": "CSAFPID-230588"
}
},
{
"category": "service_pack",
"name": "15.2(4o)E3",
"product": {
"name": "15.2(4o)E3",
"product_id": "CSAFPID-230589"
}
},
{
"category": "service_pack",
"name": "15.2(4q)E1",
"product": {
"name": "15.2(4q)E1",
"product_id": "CSAFPID-230590"
}
},
{
"category": "service_pack",
"name": "15.2(6)E0a",
"product": {
"name": "15.2(6)E0a",
"product_id": "CSAFPID-230591"
}
},
{
"category": "service_pack",
"name": "15.2(6)E1",
"product": {
"name": "15.2(6)E1",
"product_id": "CSAFPID-230592"
}
},
{
"category": "service_pack",
"name": "15.2(6)E0c",
"product": {
"name": "15.2(6)E0c",
"product_id": "CSAFPID-231245"
}
},
{
"category": "service_pack",
"name": "15.2(4)E6",
"product": {
"name": "15.2(4)E6",
"product_id": "CSAFPID-231471"
}
},
{
"category": "service_pack",
"name": "15.2(6)E1a",
"product": {
"name": "15.2(6)E1a",
"product_id": "CSAFPID-238999"
}
},
{
"category": "service_pack",
"name": "15.2(6)E1s",
"product": {
"name": "15.2(6)E1s",
"product_id": "CSAFPID-240186"
}
},
{
"category": "service_pack",
"name": "15.2(4s)E1",
"product": {
"name": "15.2(4s)E1",
"product_id": "CSAFPID-241916"
}
},
{
"category": "service_pack",
"name": "15.2(4s)E2",
"product": {
"name": "15.2(4s)E2",
"product_id": "CSAFPID-250628"
}
}
],
"category": "product_version",
"name": "15.2E"
},
{
"branches": [
{
"category": "service_pack",
"name": "15.2(5)EX",
"product": {
"name": "15.2(5)EX",
"product_id": "CSAFPID-222530"
}
}
],
"category": "product_version",
"name": "15.2EX"
},
{
"branches": [
{
"category": "service_pack",
"name": "15.5(3)S",
"product": {
"name": "15.5(3)S",
"product_id": "CSAFPID-204901"
}
},
{
"category": "service_pack",
"name": "15.5(3)S1",
"product": {
"name": "15.5(3)S1",
"product_id": "CSAFPID-210129"
}
},
{
"category": "service_pack",
"name": "15.5(3)S1a",
"product": {
"name": "15.5(3)S1a",
"product_id": "CSAFPID-211603"
}
},
{
"category": "service_pack",
"name": "15.5(3)S2",
"product": {
"name": "15.5(3)S2",
"product_id": "CSAFPID-212127"
}
},
{
"category": "service_pack",
"name": "15.5(3)S0a",
"product": {
"name": "15.5(3)S0a",
"product_id": "CSAFPID-213000"
}
},
{
"category": "service_pack",
"name": "15.5(3)S3",
"product": {
"name": "15.5(3)S3",
"product_id": "CSAFPID-213594"
}
},
{
"category": "service_pack",
"name": "15.5(3)S4",
"product": {
"name": "15.5(3)S4",
"product_id": "CSAFPID-218997"
}
},
{
"category": "service_pack",
"name": "15.5(3)S5",
"product": {
"name": "15.5(3)S5",
"product_id": "CSAFPID-223085"
}
},
{
"category": "service_pack",
"name": "15.5(3)S6",
"product": {
"name": "15.5(3)S6",
"product_id": "CSAFPID-225407"
}
},
{
"category": "service_pack",
"name": "15.5(3)S6a",
"product": {
"name": "15.5(3)S6a",
"product_id": "CSAFPID-228693"
}
},
{
"category": "service_pack",
"name": "15.5(3)S7",
"product": {
"name": "15.5(3)S7",
"product_id": "CSAFPID-228958"
}
},
{
"category": "service_pack",
"name": "15.5(3)S6b",
"product": {
"name": "15.5(3)S6b",
"product_id": "CSAFPID-230611"
}
}
],
"category": "product_version",
"name": "15.5S"
},
{
"branches": [
{
"category": "service_pack",
"name": "15.2(4)EA",
"product": {
"name": "15.2(4)EA",
"product_id": "CSAFPID-210203"
}
},
{
"category": "service_pack",
"name": "15.2(4)EA1",
"product": {
"name": "15.2(4)EA1",
"product_id": "CSAFPID-210958"
}
},
{
"category": "service_pack",
"name": "15.2(4)EA3",
"product": {
"name": "15.2(4)EA3",
"product_id": "CSAFPID-214965"
}
},
{
"category": "service_pack",
"name": "15.2(5)EA",
"product": {
"name": "15.2(5)EA",
"product_id": "CSAFPID-220038"
}
},
{
"category": "service_pack",
"name": "15.2(4)EA4",
"product": {
"name": "15.2(4)EA4",
"product_id": "CSAFPID-220460"
}
},
{
"category": "service_pack",
"name": "15.2(4)EA2",
"product": {
"name": "15.2(4)EA2",
"product_id": "CSAFPID-220507"
}
},
{
"category": "service_pack",
"name": "15.2(4)EA5",
"product": {
"name": "15.2(4)EA5",
"product_id": "CSAFPID-222419"
}
},
{
"category": "service_pack",
"name": "15.2(4)EA6",
"product": {
"name": "15.2(4)EA6",
"product_id": "CSAFPID-228075"
}
}
],
"category": "product_version",
"name": "15.2EA"
},
{
"branches": [
{
"category": "service_pack",
"name": "15.5(3)M",
"product": {
"name": "15.5(3)M",
"product_id": "CSAFPID-200509"
}
},
{
"category": "service_pack",
"name": "15.5(3)M1",
"product": {
"name": "15.5(3)M1",
"product_id": "CSAFPID-209360"
}
},
{
"category": "service_pack",
"name": "15.5(3)M0a",
"product": {
"name": "15.5(3)M0a",
"product_id": "CSAFPID-209936"
}
},
{
"category": "service_pack",
"name": "15.5(3)M2",
"product": {
"name": "15.5(3)M2",
"product_id": "CSAFPID-211825"
}
},
{
"category": "service_pack",
"name": "15.5(3)M2a",
"product": {
"name": "15.5(3)M2a",
"product_id": "CSAFPID-213633"
}
},
{
"category": "service_pack",
"name": "15.5(3)M3",
"product": {
"name": "15.5(3)M3",
"product_id": "CSAFPID-213789"
}
},
{
"category": "service_pack",
"name": "15.5(3)M4",
"product": {
"name": "15.5(3)M4",
"product_id": "CSAFPID-218996"
}
},
{
"category": "service_pack",
"name": "15.5(3)M4a",
"product": {
"name": "15.5(3)M4a",
"product_id": "CSAFPID-221093"
}
},
{
"category": "service_pack",
"name": "15.5(3)M5",
"product": {
"name": "15.5(3)M5",
"product_id": "CSAFPID-222988"
}
},
{
"category": "service_pack",
"name": "15.5(3)M4b",
"product": {
"name": "15.5(3)M4b",
"product_id": "CSAFPID-222989"
}
},
{
"category": "service_pack",
"name": "15.5(3)M4c",
"product": {
"name": "15.5(3)M4c",
"product_id": "CSAFPID-223189"
}
},
{
"category": "service_pack",
"name": "15.5(3)M6",
"product": {
"name": "15.5(3)M6",
"product_id": "CSAFPID-225155"
}
},
{
"category": "service_pack",
"name": "15.5(3)M7",
"product": {
"name": "15.5(3)M7",
"product_id": "CSAFPID-228957"
}
},
{
"category": "service_pack",
"name": "15.5(3)M6a",
"product": {
"name": "15.5(3)M6a",
"product_id": "CSAFPID-230609"
}
}
],
"category": "product_version",
"name": "15.5M"
},
{
"branches": [
{
"category": "service_pack",
"name": "15.5(3)SN0a",
"product": {
"name": "15.5(3)SN0a",
"product_id": "CSAFPID-209632"
}
},
{
"category": "service_pack",
"name": "15.5(3)SN",
"product": {
"name": "15.5(3)SN",
"product_id": "CSAFPID-213001"
}
}
],
"category": "product_version",
"name": "15.5SN"
},
{
"branches": [
{
"category": "service_pack",
"name": "15.6(1)S",
"product": {
"name": "15.6(1)S",
"product_id": "CSAFPID-204822"
}
},
{
"category": "service_pack",
"name": "15.6(2)S",
"product": {
"name": "15.6(2)S",
"product_id": "CSAFPID-209113"
}
},
{
"category": "service_pack",
"name": "15.6(2)S1",
"product": {
"name": "15.6(2)S1",
"product_id": "CSAFPID-211984"
}
},
{
"category": "service_pack",
"name": "15.6(1)S1",
"product": {
"name": "15.6(1)S1",
"product_id": "CSAFPID-212407"
}
},
{
"category": "service_pack",
"name": "15.6(1)S2",
"product": {
"name": "15.6(1)S2",
"product_id": "CSAFPID-214161"
}
},
{
"category": "service_pack",
"name": "15.6(2)S2",
"product": {
"name": "15.6(2)S2",
"product_id": "CSAFPID-216961"
}
},
{
"category": "service_pack",
"name": "15.6(1)S3",
"product": {
"name": "15.6(1)S3",
"product_id": "CSAFPID-222931"
}
},
{
"category": "service_pack",
"name": "15.6(2)S3",
"product": {
"name": "15.6(2)S3",
"product_id": "CSAFPID-226076"
}
},
{
"category": "service_pack",
"name": "15.6(1)S4",
"product": {
"name": "15.6(1)S4",
"product_id": "CSAFPID-227612"
}
},
{
"category": "service_pack",
"name": "15.6(2)S4",
"product": {
"name": "15.6(2)S4",
"product_id": "CSAFPID-228195"
}
}
],
"category": "product_version",
"name": "15.6S"
},
{
"branches": [
{
"category": "service_pack",
"name": "15.6(1)T",
"product": {
"name": "15.6(1)T",
"product_id": "CSAFPID-205516"
}
},
{
"category": "service_pack",
"name": "15.6(2)T",
"product": {
"name": "15.6(2)T",
"product_id": "CSAFPID-209115"
}
},
{
"category": "service_pack",
"name": "15.6(1)T0a",
"product": {
"name": "15.6(1)T0a",
"product_id": "CSAFPID-212118"
}
},
{
"category": "service_pack",
"name": "15.6(1)T1",
"product": {
"name": "15.6(1)T1",
"product_id": "CSAFPID-212445"
}
},
{
"category": "service_pack",
"name": "15.6(2)T1",
"product": {
"name": "15.6(2)T1",
"product_id": "CSAFPID-214938"
}
},
{
"category": "service_pack",
"name": "15.6(1)T2",
"product": {
"name": "15.6(1)T2",
"product_id": "CSAFPID-216215"
}
},
{
"category": "service_pack",
"name": "15.6(2)T0a",
"product": {
"name": "15.6(2)T0a",
"product_id": "CSAFPID-216239"
}
},
{
"category": "service_pack",
"name": "15.6(2)T2",
"product": {
"name": "15.6(2)T2",
"product_id": "CSAFPID-216962"
}
},
{
"category": "service_pack",
"name": "15.6(1)T3",
"product": {
"name": "15.6(1)T3",
"product_id": "CSAFPID-227613"
}
},
{
"category": "service_pack",
"name": "15.6(2)T3",
"product": {
"name": "15.6(2)T3",
"product_id": "CSAFPID-227914"
}
}
],
"category": "product_version",
"name": "15.6T"
},
{
"branches": [
{
"category": "service_pack",
"name": "15.3(3)JC6",
"product": {
"name": "15.3(3)JC6",
"product_id": "CSAFPID-224442"
}
},
{
"category": "service_pack",
"name": "15.3(3)JC8",
"product": {
"name": "15.3(3)JC8",
"product_id": "CSAFPID-227791"
}
},
{
"category": "service_pack",
"name": "15.3(3)JC9",
"product": {
"name": "15.3(3)JC9",
"product_id": "CSAFPID-230596"
}
},
{
"category": "service_pack",
"name": "15.3(3)JC14",
"product": {
"name": "15.3(3)JC14",
"product_id": "CSAFPID-231017"
}
}
],
"category": "product_version",
"name": "15.3JC"
},
{
"branches": [
{
"category": "service_pack",
"name": "15.3(1)SY",
"product": {
"name": "15.3(1)SY",
"product_id": "CSAFPID-209532"
}
},
{
"category": "service_pack",
"name": "15.3(0)SY",
"product": {
"name": "15.3(0)SY",
"product_id": "CSAFPID-212701"
}
},
{
"category": "service_pack",
"name": "15.3(1)SY1",
"product": {
"name": "15.3(1)SY1",
"product_id": "CSAFPID-216258"
}
},
{
"category": "service_pack",
"name": "15.3(1)SY2",
"product": {
"name": "15.3(1)SY2",
"product_id": "CSAFPID-220444"
}
}
],
"category": "product_version",
"name": "15.3SY"
},
{
"branches": [
{
"category": "service_pack",
"name": "15.6(2)SP",
"product": {
"name": "15.6(2)SP",
"product_id": "CSAFPID-212321"
}
},
{
"category": "service_pack",
"name": "15.6(2)SP1",
"product": {
"name": "15.6(2)SP1",
"product_id": "CSAFPID-220521"
}
},
{
"category": "service_pack",
"name": "15.6(2)SP2",
"product": {
"name": "15.6(2)SP2",
"product_id": "CSAFPID-224566"
}
},
{
"category": "service_pack",
"name": "15.6(2)SP3",
"product": {
"name": "15.6(2)SP3",
"product_id": "CSAFPID-226165"
}
},
{
"category": "service_pack",
"name": "15.6(2)SP4",
"product": {
"name": "15.6(2)SP4",
"product_id": "CSAFPID-230618"
}
}
],
"category": "product_version",
"name": "15.6SP"
},
{
"branches": [
{
"category": "service_pack",
"name": "15.6(1)SN",
"product": {
"name": "15.6(1)SN",
"product_id": "CSAFPID-213034"
}
},
{
"category": "service_pack",
"name": "15.6(1)SN1",
"product": {
"name": "15.6(1)SN1",
"product_id": "CSAFPID-213086"
}
},
{
"category": "service_pack",
"name": "15.6(2)SN",
"product": {
"name": "15.6(2)SN",
"product_id": "CSAFPID-216419"
}
},
{
"category": "service_pack",
"name": "15.6(1)SN2",
"product": {
"name": "15.6(1)SN2",
"product_id": "CSAFPID-230612"
}
},
{
"category": "service_pack",
"name": "15.6(1)SN3",
"product": {
"name": "15.6(1)SN3",
"product_id": "CSAFPID-230613"
}
},
{
"category": "service_pack",
"name": "15.6(3)SN",
"product": {
"name": "15.6(3)SN",
"product_id": "CSAFPID-230614"
}
},
{
"category": "service_pack",
"name": "15.6(4)SN",
"product": {
"name": "15.6(4)SN",
"product_id": "CSAFPID-230616"
}
},
{
"category": "service_pack",
"name": "15.6(5)SN",
"product": {
"name": "15.6(5)SN",
"product_id": "CSAFPID-232093"
}
},
{
"category": "service_pack",
"name": "15.6(6)SN",
"product": {
"name": "15.6(6)SN",
"product_id": "CSAFPID-236297"
}
},
{
"category": "service_pack",
"name": "15.6(7)SN",
"product": {
"name": "15.6(7)SN",
"product_id": "CSAFPID-254081"
}
},
{
"category": "service_pack",
"name": "15.6(7)SN1",
"product": {
"name": "15.6(7)SN1",
"product_id": "CSAFPID-262382"
}
},
{
"category": "service_pack",
"name": "15.6(7)SN2",
"product": {
"name": "15.6(7)SN2",
"product_id": "CSAFPID-275327"
}
},
{
"category": "service_pack",
"name": "15.6(7)SN3",
"product": {
"name": "15.6(7)SN3",
"product_id": "CSAFPID-278136"
}
}
],
"category": "product_version",
"name": "15.6SN"
},
{
"branches": [
{
"category": "service_pack",
"name": "15.3(3)JD3",
"product": {
"name": "15.3(3)JD3",
"product_id": "CSAFPID-222716"
}
},
{
"category": "service_pack",
"name": "15.3(3)JD4",
"product": {
"name": "15.3(3)JD4",
"product_id": "CSAFPID-225790"
}
},
{
"category": "service_pack",
"name": "15.3(3)JD5",
"product": {
"name": "15.3(3)JD5",
"product_id": "CSAFPID-226172"
}
},
{
"category": "service_pack",
"name": "15.3(3)JD6",
"product": {
"name": "15.3(3)JD6",
"product_id": "CSAFPID-227789"
}
},
{
"category": "service_pack",
"name": "15.3(3)JD7",
"product": {
"name": "15.3(3)JD7",
"product_id": "CSAFPID-228955"
}
},
{
"category": "service_pack",
"name": "15.3(3)JD8",
"product": {
"name": "15.3(3)JD8",
"product_id": "CSAFPID-230598"
}
},
{
"category": "service_pack",
"name": "15.3(3)JD9",
"product": {
"name": "15.3(3)JD9",
"product_id": "CSAFPID-230824"
}
},
{
"category": "service_pack",
"name": "15.3(3)JD11",
"product": {
"name": "15.3(3)JD11",
"product_id": "CSAFPID-231000"
}
},
{
"category": "service_pack",
"name": "15.3(3)JD12",
"product": {
"name": "15.3(3)JD12",
"product_id": "CSAFPID-231001"
}
},
{
"category": "service_pack",
"name": "15.3(3)JD13",
"product": {
"name": "15.3(3)JD13",
"product_id": "CSAFPID-232852"
}
},
{
"category": "service_pack",
"name": "15.3(3)JD14",
"product": {
"name": "15.3(3)JD14",
"product_id": "CSAFPID-234115"
}
},
{
"category": "service_pack",
"name": "15.3(3)JD15",
"product": {
"name": "15.3(3)JD15",
"product_id": "CSAFPID-238669"
}
}
],
"category": "product_version",
"name": "15.3JD"
},
{
"branches": [
{
"category": "service_pack",
"name": "15.6(3)M",
"product": {
"name": "15.6(3)M",
"product_id": "CSAFPID-214074"
}
},
{
"category": "service_pack",
"name": "15.6(3)M1",
"product": {
"name": "15.6(3)M1",
"product_id": "CSAFPID-220396"
}
},
{
"category": "service_pack",
"name": "15.6(3)M0a",
"product": {
"name": "15.6(3)M0a",
"product_id": "CSAFPID-220522"
}
},
{
"category": "service_pack",
"name": "15.6(3)M1a",
"product": {
"name": "15.6(3)M1a",
"product_id": "CSAFPID-224327"
}
},
{
"category": "service_pack",
"name": "15.6(3)M1b",
"product": {
"name": "15.6(3)M1b",
"product_id": "CSAFPID-224443"
}
},
{
"category": "service_pack",
"name": "15.6(3)M2",
"product": {
"name": "15.6(3)M2",
"product_id": "CSAFPID-225667"
}
},
{
"category": "service_pack",
"name": "15.6(3)M2a",
"product": {
"name": "15.6(3)M2a",
"product_id": "CSAFPID-227172"
}
},
{
"category": "service_pack",
"name": "15.6(3)M3",
"product": {
"name": "15.6(3)M3",
"product_id": "CSAFPID-228142"
}
},
{
"category": "service_pack",
"name": "15.6(3)M3a",
"product": {
"name": "15.6(3)M3a",
"product_id": "CSAFPID-228959"
}
},
{
"category": "service_pack",
"name": "15.6(3)M4",
"product": {
"name": "15.6(3)M4",
"product_id": "CSAFPID-228965"
}
}
],
"category": "product_version",
"name": "15.6M"
},
{
"branches": [
{
"category": "service_pack",
"name": "15.2(4)EC1",
"product": {
"name": "15.2(4)EC1",
"product_id": "CSAFPID-220461"
}
},
{
"category": "service_pack",
"name": "15.2(4)EC2",
"product": {
"name": "15.2(4)EC2",
"product_id": "CSAFPID-223086"
}
}
],
"category": "product_version",
"name": "15.2EC"
},
{
"branches": [
{
"category": "service_pack",
"name": "15.3(3)JPC5",
"product": {
"name": "15.3(3)JPC5",
"product_id": "CSAFPID-230995"
}
}
],
"category": "product_version",
"name": "15.3JPC"
},
{
"branches": [
{
"category": "service_pack",
"name": "15.4(1)SY",
"product": {
"name": "15.4(1)SY",
"product_id": "CSAFPID-217807"
}
},
{
"category": "service_pack",
"name": "15.4(1)SY1",
"product": {
"name": "15.4(1)SY1",
"product_id": "CSAFPID-220594"
}
},
{
"category": "service_pack",
"name": "15.4(1)SY2",
"product": {
"name": "15.4(1)SY2",
"product_id": "CSAFPID-224611"
}
},
{
"category": "service_pack",
"name": "15.4(1)SY3",
"product": {
"name": "15.4(1)SY3",
"product_id": "CSAFPID-228056"
}
},
{
"category": "service_pack",
"name": "15.4(1)SY4",
"product": {
"name": "15.4(1)SY4",
"product_id": "CSAFPID-230997"
}
}
],
"category": "product_version",
"name": "15.4SY"
},
{
"branches": [
{
"category": "service_pack",
"name": "15.3(3)JE",
"product": {
"name": "15.3(3)JE",
"product_id": "CSAFPID-218946"
}
}
],
"category": "product_version",
"name": "15.3JE"
},
{
"branches": [
{
"category": "service_pack",
"name": "15.3(3)JDA15",
"product": {
"name": "15.3(3)JDA15",
"product_id": "CSAFPID-238668"
}
}
],
"category": "product_version",
"name": "15.3JDA"
},
{
"branches": [
{
"category": "service_pack",
"name": "15.5(1)SY",
"product": {
"name": "15.5(1)SY",
"product_id": "CSAFPID-225786"
}
},
{
"category": "service_pack",
"name": "15.5(1)SY1",
"product": {
"name": "15.5(1)SY1",
"product_id": "CSAFPID-227110"
}
}
],
"category": "product_version",
"name": "15.5SY"
},
{
"branches": [
{
"category": "service_pack",
"name": "15.3(3)JF",
"product": {
"name": "15.3(3)JF",
"product_id": "CSAFPID-227048"
}
},
{
"category": "service_pack",
"name": "15.3(3)JF1",
"product": {
"name": "15.3(3)JF1",
"product_id": "CSAFPID-228956"
}
},
{
"category": "service_pack",
"name": "15.3(3)JF2",
"product": {
"name": "15.3(3)JF2",
"product_id": "CSAFPID-230826"
}
},
{
"category": "service_pack",
"name": "15.3(3)JF4",
"product": {
"name": "15.3(3)JF4",
"product_id": "CSAFPID-231679"
}
},
{
"category": "service_pack",
"name": "15.3(3)JF5",
"product": {
"name": "15.3(3)JF5",
"product_id": "CSAFPID-232061"
}
},
{
"category": "service_pack",
"name": "15.3(3)JF6",
"product": {
"name": "15.3(3)JF6",
"product_id": "CSAFPID-236205"
}
},
{
"category": "service_pack",
"name": "15.3(3)JF7",
"product": {
"name": "15.3(3)JF7",
"product_id": "CSAFPID-239361"
}
}
],
"category": "product_version",
"name": "15.3JF"
},
{
"branches": [
{
"category": "service_pack",
"name": "15.7(3)M",
"product": {
"name": "15.7(3)M",
"product_id": "CSAFPID-228191"
}
},
{
"category": "service_pack",
"name": "15.7(3)M1",
"product": {
"name": "15.7(3)M1",
"product_id": "CSAFPID-228973"
}
},
{
"category": "service_pack",
"name": "15.7(3)M0a",
"product": {
"name": "15.7(3)M0a",
"product_id": "CSAFPID-230624"
}
}
],
"category": "product_version",
"name": "15.7M"
},
{
"branches": [
{
"category": "service_pack",
"name": "15.3(3)JG",
"product": {
"name": "15.3(3)JG",
"product_id": "CSAFPID-230603"
}
},
{
"category": "service_pack",
"name": "15.3(3)JG1",
"product": {
"name": "15.3(3)JG1",
"product_id": "CSAFPID-231796"
}
}
],
"category": "product_version",
"name": "15.3JG"
},
{
"branches": [
{
"category": "service_pack",
"name": "15.3(3)JH",
"product": {
"name": "15.3(3)JH",
"product_id": "CSAFPID-230605"
}
},
{
"category": "service_pack",
"name": "15.3(3)JH1",
"product": {
"name": "15.3(3)JH1",
"product_id": "CSAFPID-238504"
}
}
],
"category": "product_version",
"name": "15.3JH"
},
{
"branches": [
{
"category": "service_pack",
"name": "12.2(6)I1",
"product": {
"name": "12.2(6)I1",
"product_id": "CSAFPID-243144"
}
}
],
"category": "product_version",
"name": "12.2I"
},
{
"branches": [
{
"category": "service_pack",
"name": "15.1(3)SVR1",
"product": {
"name": "15.1(3)SVR1",
"product_id": "CSAFPID-277230"
}
},
{
"category": "service_pack",
"name": "15.1(3)SVR2",
"product": {
"name": "15.1(3)SVR2",
"product_id": "CSAFPID-277253"
}
},
{
"category": "service_pack",
"name": "15.1(3)SVR3",
"product": {
"name": "15.1(3)SVR3",
"product_id": "CSAFPID-279337"
}
},
{
"category": "service_pack",
"name": "15.1(3)SVR10",
"product": {
"name": "15.1(3)SVR10",
"product_id": "CSAFPID-290618"
}
}
],
"category": "product_version",
"name": "15.1SVR"
},
{
"branches": [
{
"category": "service_pack",
"name": "15.1(3)SVS",
"product": {
"name": "15.1(3)SVS",
"product_id": "CSAFPID-277232"
}
},
{
"category": "service_pack",
"name": "15.1(3)SVS1",
"product": {
"name": "15.1(3)SVS1",
"product_id": "CSAFPID-279335"
}
}
],
"category": "product_version",
"name": "15.1SVS"
},
{
"branches": [
{
"category": "service_pack",
"name": "15.1(3)SVT1",
"product": {
"name": "15.1(3)SVT1",
"product_id": "CSAFPID-280759"
}
},
{
"category": "service_pack",
"name": "15.1(3)SVT2",
"product": {
"name": "15.1(3)SVT2",
"product_id": "CSAFPID-282026"
}
},
{
"category": "service_pack",
"name": "15.1(3)SVT3",
"product": {
"name": "15.1(3)SVT3",
"product_id": "CSAFPID-284785"
}
},
{
"category": "service_pack",
"name": "15.1(3)SVT4",
"product": {
"name": "15.1(3)SVT4",
"product_id": "CSAFPID-286399"
}
}
],
"category": "product_version",
"name": "15.1SVT"
},
{
"branches": [
{
"category": "service_pack",
"name": "15.1(3)SVU1",
"product": {
"name": "15.1(3)SVU1",
"product_id": "CSAFPID-283833"
}
},
{
"category": "service_pack",
"name": "15.1(3)SVU10",
"product": {
"name": "15.1(3)SVU10",
"product_id": "CSAFPID-284291"
}
},
{
"category": "service_pack",
"name": "15.1(3)SVU2",
"product": {
"name": "15.1(3)SVU2",
"product_id": "CSAFPID-284566"
}
},
{
"category": "service_pack",
"name": "15.1(3)SVU11",
"product": {
"name": "15.1(3)SVU11",
"product_id": "CSAFPID-286400"
}
},
{
"category": "service_pack",
"name": "15.1(3)SVU20",
"product": {
"name": "15.1(3)SVU20",
"product_id": "CSAFPID-289270"
}
},
{
"category": "service_pack",
"name": "15.1(3)SVU21",
"product": {
"name": "15.1(3)SVU21",
"product_id": "CSAFPID-290557"
}
}
],
"category": "product_version",
"name": "15.1SVU"
},
{
"branches": [
{
"category": "service_pack",
"name": "15.1(3)SVV1",
"product": {
"name": "15.1(3)SVV1",
"product_id": "CSAFPID-284341"
}
},
{
"category": "service_pack",
"name": "15.1(3)SVV2",
"product": {
"name": "15.1(3)SVV2",
"product_id": "CSAFPID-286029"
}
},
{
"category": "service_pack",
"name": "15.1(3)SVV3",
"product": {
"name": "15.1(3)SVV3",
"product_id": "CSAFPID-286940"
}
},
{
"category": "service_pack",
"name": "15.1(3)SVV4",
"product": {
"name": "15.1(3)SVV4",
"product_id": "CSAFPID-289371"
}
}
],
"category": "product_version",
"name": "15.1SVV"
},
{
"branches": [
{
"category": "service_pack",
"name": "15.1(3)SVW",
"product": {
"name": "15.1(3)SVW",
"product_id": "CSAFPID-286451"
}
},
{
"category": "service_pack",
"name": "15.1(3)SVW1",
"product": {
"name": "15.1(3)SVW1",
"product_id": "CSAFPID-286844"
}
}
],
"category": "product_version",
"name": "15.1SVW"
},
{
"branches": [
{
"category": "service_pack",
"name": "15.1(3)SVX",
"product": {
"name": "15.1(3)SVX",
"product_id": "CSAFPID-286927"
}
},
{
"category": "service_pack",
"name": "15.1(3)SVX1",
"product": {
"name": "15.1(3)SVX1",
"product_id": "CSAFPID-289301"
}
}
],
"category": "product_version",
"name": "15.1SVX"
}
],
"category": "product_family",
"name": "IOS"
},
{
"branches": [
{
"branches": [
{
"category": "service_pack",
"name": "3.16.0S",
"product": {
"name": "3.16.0S",
"product_id": "CSAFPID-210081"
}
},
{
"category": "service_pack",
"name": "3.16.1S",
"product": {
"name": "3.16.1S",
"product_id": "CSAFPID-212408"
}
},
{
"category": "service_pack",
"name": "3.16.0aS",
"product": {
"name": "3.16.0aS",
"product_id": "CSAFPID-213476"
}
},
{
"category": "service_pack",
"name": "3.16.1aS",
"product": {
"name": "3.16.1aS",
"product_id": "CSAFPID-213477"
}
},
{
"category": "service_pack",
"name": "3.16.2S",
"product": {
"name": "3.16.2S",
"product_id": "CSAFPID-213478"
}
},
{
"category": "service_pack",
"name": "3.16.2aS",
"product": {
"name": "3.16.2aS",
"product_id": "CSAFPID-213635"
}
},
{
"category": "service_pack",
"name": "3.16.0bS",
"product": {
"name": "3.16.0bS",
"product_id": "CSAFPID-213777"
}
},
{
"category": "service_pack",
"name": "3.16.0cS",
"product": {
"name": "3.16.0cS",
"product_id": "CSAFPID-213778"
}
},
{
"category": "service_pack",
"name": "3.16.3S",
"product": {
"name": "3.16.3S",
"product_id": "CSAFPID-213779"
}
},
{
"category": "service_pack",
"name": "3.16.2bS",
"product": {
"name": "3.16.2bS",
"product_id": "CSAFPID-217265"
}
},
{
"category": "service_pack",
"name": "3.16.3aS",
"product": {
"name": "3.16.3aS",
"product_id": "CSAFPID-217266"
}
},
{
"category": "service_pack",
"name": "3.16.4S",
"product": {
"name": "3.16.4S",
"product_id": "CSAFPID-217267"
}
},
{
"category": "service_pack",
"name": "3.16.4aS",
"product": {
"name": "3.16.4aS",
"product_id": "CSAFPID-220993"
}
},
{
"category": "service_pack",
"name": "3.16.4bS",
"product": {
"name": "3.16.4bS",
"product_id": "CSAFPID-222257"
}
},
{
"category": "service_pack",
"name": "3.16.4gS",
"product": {
"name": "3.16.4gS",
"product_id": "CSAFPID-222693"
}
},
{
"category": "service_pack",
"name": "3.16.5S",
"product": {
"name": "3.16.5S",
"product_id": "CSAFPID-222694"
}
},
{
"category": "service_pack",
"name": "3.16.4cS",
"product": {
"name": "3.16.4cS",
"product_id": "CSAFPID-222925"
}
},
{
"category": "service_pack",
"name": "3.16.4dS",
"product": {
"name": "3.16.4dS",
"product_id": "CSAFPID-223252"
}
},
{
"category": "service_pack",
"name": "3.16.4eS",
"product": {
"name": "3.16.4eS",
"product_id": "CSAFPID-224702"
}
},
{
"category": "service_pack",
"name": "3.16.6S",
"product": {
"name": "3.16.6S",
"product_id": "CSAFPID-225099"
}
},
{
"category": "service_pack",
"name": "3.16.5aS",
"product": {
"name": "3.16.5aS",
"product_id": "CSAFPID-225466"
}
},
{
"category": "service_pack",
"name": "3.16.5bS",
"product": {
"name": "3.16.5bS",
"product_id": "CSAFPID-225832"
}
},
{
"category": "service_pack",
"name": "3.16.7S",
"product": {
"name": "3.16.7S",
"product_id": "CSAFPID-228690"
}
},
{
"category": "service_pack",
"name": "3.16.6bS",
"product": {
"name": "3.16.6bS",
"product_id": "CSAFPID-230303"
}
},
{
"category": "service_pack",
"name": "3.16.7aS",
"product": {
"name": "3.16.7aS",
"product_id": "CSAFPID-233141"
}
},
{
"category": "service_pack",
"name": "3.16.7bS",
"product": {
"name": "3.16.7bS",
"product_id": "CSAFPID-233447"
}
}
],
"category": "product_version",
"name": "3.16S"
},
{
"branches": [
{
"category": "service_pack",
"name": "3.17.0S",
"product": {
"name": "3.17.0S",
"product_id": "CSAFPID-212411"
}
},
{
"category": "service_pack",
"name": "3.17.1S",
"product": {
"name": "3.17.1S",
"product_id": "CSAFPID-212412"
}
},
{
"category": "service_pack",
"name": "3.17.2S",
"product": {
"name": "3.17.2S",
"product_id": "CSAFPID-217234"
}
},
{
"category": "service_pack",
"name": "3.17.1aS",
"product": {
"name": "3.17.1aS",
"product_id": "CSAFPID-217268"
}
},
{
"category": "service_pack",
"name": "3.17.3S",
"product": {
"name": "3.17.3S",
"product_id": "CSAFPID-222942"
}
},
{
"category": "service_pack",
"name": "3.17.4S",
"product": {
"name": "3.17.4S",
"product_id": "CSAFPID-227556"
}
}
],
"category": "product_version",
"name": "3.17S"
},
{
"branches": [
{
"category": "service_pack",
"name": "16.1.1",
"product": {
"name": "16.1.1",
"product_id": "CSAFPID-212436"
}
},
{
"category": "service_pack",
"name": "16.1.2",
"product": {
"name": "16.1.2",
"product_id": "CSAFPID-213100"
}
},
{
"category": "service_pack",
"name": "16.1.3",
"product": {
"name": "16.1.3",
"product_id": "CSAFPID-214993"
}
}
],
"category": "product_version",
"name": "16.1"
},
{
"branches": [
{
"category": "service_pack",
"name": "16.2.1",
"product": {
"name": "16.2.1",
"product_id": "CSAFPID-213809"
}
},
{
"category": "service_pack",
"name": "16.2.2",
"product": {
"name": "16.2.2",
"product_id": "CSAFPID-217253"
}
}
],
"category": "product_version",
"name": "16.2"
},
{
"branches": [
{
"category": "service_pack",
"name": "3.8.0E",
"product": {
"name": "3.8.0E",
"product_id": "CSAFPID-213811"
}
},
{
"category": "service_pack",
"name": "3.8.1E",
"product": {
"name": "3.8.1E",
"product_id": "CSAFPID-213812"
}
},
{
"category": "service_pack",
"name": "3.8.2E",
"product": {
"name": "3.8.2E",
"product_id": "CSAFPID-217283"
}
},
{
"category": "service_pack",
"name": "3.8.3E",
"product": {
"name": "3.8.3E",
"product_id": "CSAFPID-220489"
}
},
{
"category": "service_pack",
"name": "3.8.4E",
"product": {
"name": "3.8.4E",
"product_id": "CSAFPID-222695"
}
},
{
"category": "service_pack",
"name": "3.8.5E",
"product": {
"name": "3.8.5E",
"product_id": "CSAFPID-226331"
}
},
{
"category": "service_pack",
"name": "3.8.5aE",
"product": {
"name": "3.8.5aE",
"product_id": "CSAFPID-231004"
}
},
{
"category": "service_pack",
"name": "3.8.6E",
"product": {
"name": "3.8.6E",
"product_id": "CSAFPID-231472"
}
}
],
"category": "product_version",
"name": "3.8E"
},
{
"branches": [
{
"category": "service_pack",
"name": "16.3.1",
"product": {
"name": "16.3.1",
"product_id": "CSAFPID-213960"
}
},
{
"category": "service_pack",
"name": "16.3.2",
"product": {
"name": "16.3.2",
"product_id": "CSAFPID-217255"
}
},
{
"category": "service_pack",
"name": "16.3.3",
"product": {
"name": "16.3.3",
"product_id": "CSAFPID-217256"
}
},
{
"category": "service_pack",
"name": "16.3.1a",
"product": {
"name": "16.3.1a",
"product_id": "CSAFPID-220802"
}
},
{
"category": "service_pack",
"name": "16.3.4",
"product": {
"name": "16.3.4",
"product_id": "CSAFPID-222711"
}
},
{
"category": "service_pack",
"name": "16.3.5",
"product": {
"name": "16.3.5",
"product_id": "CSAFPID-229124"
}
},
{
"category": "service_pack",
"name": "16.3.5b",
"product": {
"name": "16.3.5b",
"product_id": "CSAFPID-231187"
}
},
{
"category": "service_pack",
"name": "16.3.6",
"product": {
"name": "16.3.6",
"product_id": "CSAFPID-231667"
}
}
],
"category": "product_version",
"name": "16.3"
},
{
"branches": [
{
"category": "service_pack",
"name": "16.4.1",
"product": {
"name": "16.4.1",
"product_id": "CSAFPID-214051"
}
},
{
"category": "service_pack",
"name": "16.4.2",
"product": {
"name": "16.4.2",
"product_id": "CSAFPID-217257"
}
},
{
"category": "service_pack",
"name": "16.4.3",
"product": {
"name": "16.4.3",
"product_id": "CSAFPID-231390"
}
}
],
"category": "product_version",
"name": "16.4"
},
{
"branches": [
{
"category": "service_pack",
"name": "16.5.1",
"product": {
"name": "16.5.1",
"product_id": "CSAFPID-217259"
}
},
{
"category": "service_pack",
"name": "16.5.1a",
"product": {
"name": "16.5.1a",
"product_id": "CSAFPID-225784"
}
},
{
"category": "service_pack",
"name": "16.5.1b",
"product": {
"name": "16.5.1b",
"product_id": "CSAFPID-226330"
}
},
{
"category": "service_pack",
"name": "16.5.2",
"product": {
"name": "16.5.2",
"product_id": "CSAFPID-229187"
}
},
{
"category": "service_pack",
"name": "16.5.3",
"product": {
"name": "16.5.3",
"product_id": "CSAFPID-232461"
}
}
],
"category": "product_version",
"name": "16.5"
},
{
"branches": [
{
"category": "service_pack",
"name": "3.18.0aS",
"product": {
"name": "3.18.0aS",
"product_id": "CSAFPID-217270"
}
},
{
"category": "service_pack",
"name": "3.18.0S",
"product": {
"name": "3.18.0S",
"product_id": "CSAFPID-217271"
}
},
{
"category": "service_pack",
"name": "3.18.1S",
"product": {
"name": "3.18.1S",
"product_id": "CSAFPID-217272"
}
},
{
"category": "service_pack",
"name": "3.18.2S",
"product": {
"name": "3.18.2S",
"product_id": "CSAFPID-217273"
}
},
{
"category": "service_pack",
"name": "3.18.3S",
"product": {
"name": "3.18.3S",
"product_id": "CSAFPID-226078"
}
},
{
"category": "service_pack",
"name": "3.18.4S",
"product": {
"name": "3.18.4S",
"product_id": "CSAFPID-228193"
}
}
],
"category": "product_version",
"name": "3.18S"
},
{
"branches": [
{
"category": "service_pack",
"name": "3.18.0SP",
"product": {
"name": "3.18.0SP",
"product_id": "CSAFPID-217276"
}
},
{
"category": "service_pack",
"name": "3.18.1SP",
"product": {
"name": "3.18.1SP",
"product_id": "CSAFPID-220517"
}
},
{
"category": "service_pack",
"name": "3.18.1aSP",
"product": {
"name": "3.18.1aSP",
"product_id": "CSAFPID-223018"
}
},
{
"category": "service_pack",
"name": "3.18.1gSP",
"product": {
"name": "3.18.1gSP",
"product_id": "CSAFPID-223019"
}
},
{
"category": "service_pack",
"name": "3.18.1bSP",
"product": {
"name": "3.18.1bSP",
"product_id": "CSAFPID-223241"
}
},
{
"category": "service_pack",
"name": "3.18.1cSP",
"product": {
"name": "3.18.1cSP",
"product_id": "CSAFPID-224424"
}
},
{
"category": "service_pack",
"name": "3.18.2SP",
"product": {
"name": "3.18.2SP",
"product_id": "CSAFPID-225168"
}
},
{
"category": "service_pack",
"name": "3.18.1hSP",
"product": {
"name": "3.18.1hSP",
"product_id": "CSAFPID-225359"
}
},
{
"category": "service_pack",
"name": "3.18.2aSP",
"product": {
"name": "3.18.2aSP",
"product_id": "CSAFPID-226160"
}
},
{
"category": "service_pack",
"name": "3.18.1iSP",
"product": {
"name": "3.18.1iSP",
"product_id": "CSAFPID-226354"
}
},
{
"category": "service_pack",
"name": "3.18.3SP",
"product": {
"name": "3.18.3SP",
"product_id": "CSAFPID-228194"
}
},
{
"category": "service_pack",
"name": "3.18.4SP",
"product": {
"name": "3.18.4SP",
"product_id": "CSAFPID-230301"
}
},
{
"category": "service_pack",
"name": "3.18.3aSP",
"product": {
"name": "3.18.3aSP",
"product_id": "CSAFPID-230302"
}
},
{
"category": "service_pack",
"name": "3.18.3bSP",
"product": {
"name": "3.18.3bSP",
"product_id": "CSAFPID-231826"
}
}
],
"category": "product_version",
"name": "3.18SP"
},
{
"branches": [
{
"category": "service_pack",
"name": "3.9.0E",
"product": {
"name": "3.9.0E",
"product_id": "CSAFPID-217282"
}
},
{
"category": "service_pack",
"name": "3.9.1E",
"product": {
"name": "3.9.1E",
"product_id": "CSAFPID-222483"
}
},
{
"category": "service_pack",
"name": "3.9.2E",
"product": {
"name": "3.9.2E",
"product_id": "CSAFPID-226158"
}
},
{
"category": "service_pack",
"name": "3.9.2bE",
"product": {
"name": "3.9.2bE",
"product_id": "CSAFPID-227755"
}
}
],
"category": "product_version",
"name": "3.9E"
},
{
"branches": [
{
"category": "service_pack",
"name": "16.6.1",
"product": {
"name": "16.6.1",
"product_id": "CSAFPID-218901"
}
},
{
"category": "service_pack",
"name": "16.6.2",
"product": {
"name": "16.6.2",
"product_id": "CSAFPID-228706"
}
},
{
"category": "service_pack",
"name": "16.6.3",
"product": {
"name": "16.6.3",
"product_id": "CSAFPID-231682"
}
}
],
"category": "product_version",
"name": "16.6"
},
{
"branches": [
{
"category": "service_pack",
"name": "16.7.1",
"product": {
"name": "16.7.1",
"product_id": "CSAFPID-218903"
}
},
{
"category": "service_pack",
"name": "16.7.1a",
"product": {
"name": "16.7.1a",
"product_id": "CSAFPID-231389"
}
},
{
"category": "service_pack",
"name": "16.7.1b",
"product": {
"name": "16.7.1b",
"product_id": "CSAFPID-232767"
}
}
],
"category": "product_version",
"name": "16.7"
},
{
"branches": [
{
"category": "service_pack",
"name": "16.8.1",
"product": {
"name": "16.8.1",
"product_id": "CSAFPID-218905"
}
},
{
"category": "service_pack",
"name": "16.8.1a",
"product": {
"name": "16.8.1a",
"product_id": "CSAFPID-235307"
}
},
{
"category": "service_pack",
"name": "16.8.1b",
"product": {
"name": "16.8.1b",
"product_id": "CSAFPID-235858"
}
},
{
"category": "service_pack",
"name": "16.8.1s",
"product": {
"name": "16.8.1s",
"product_id": "CSAFPID-236834"
}
},
{
"category": "service_pack",
"name": "16.8.1c",
"product": {
"name": "16.8.1c",
"product_id": "CSAFPID-237460"
}
}
],
"category": "product_version",
"name": "16.8"
},
{
"branches": [
{
"category": "service_pack",
"name": "3.10.0E",
"product": {
"name": "3.10.0E",
"product_id": "CSAFPID-227555"
}
},
{
"category": "service_pack",
"name": "3.10.1E",
"product": {
"name": "3.10.1E",
"product_id": "CSAFPID-228689"
}
},
{
"category": "service_pack",
"name": "3.10.0cE",
"product": {
"name": "3.10.0cE",
"product_id": "CSAFPID-231246"
}
},
{
"category": "service_pack",
"name": "3.10.1aE",
"product": {
"name": "3.10.1aE",
"product_id": "CSAFPID-239000"
}
},
{
"category": "service_pack",
"name": "3.10.1sE",
"product": {
"name": "3.10.1sE",
"product_id": "CSAFPID-240187"
}
}
],
"category": "product_version",
"name": "3.10E"
}
],
"category": "product_family",
"name": "Cisco IOS XE Software"
}
],
"category": "vendor",
"name": "Cisco"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-15377",
"ids": [
{
"system_name": "Cisco Bug ID",
"text": "CSCvi30136"
}
],
"notes": [
{
"category": "other",
"text": "Complete.",
"title": "Affected Product Comprehensiveness"
}
],
"product_status": {
"known_affected": [
"CSAFPID-210081",
"CSAFPID-212408",
"CSAFPID-212411",
"CSAFPID-212412",
"CSAFPID-212436",
"CSAFPID-213100",
"CSAFPID-213476",
"CSAFPID-213477",
"CSAFPID-213478",
"CSAFPID-213635",
"CSAFPID-213777",
"CSAFPID-213778",
"CSAFPID-213779",
"CSAFPID-213809",
"CSAFPID-213811",
"CSAFPID-213812",
"CSAFPID-213960",
"CSAFPID-214051",
"CSAFPID-214993",
"CSAFPID-217234",
"CSAFPID-217253",
"CSAFPID-217255",
"CSAFPID-217256",
"CSAFPID-217257",
"CSAFPID-217259",
"CSAFPID-217265",
"CSAFPID-217266",
"CSAFPID-217267",
"CSAFPID-217268",
"CSAFPID-217270",
"CSAFPID-217271",
"CSAFPID-217272",
"CSAFPID-217273",
"CSAFPID-217276",
"CSAFPID-217282",
"CSAFPID-217283",
"CSAFPID-218901",
"CSAFPID-218903",
"CSAFPID-218905",
"CSAFPID-220489",
"CSAFPID-220517",
"CSAFPID-220802",
"CSAFPID-220993",
"CSAFPID-222257",
"CSAFPID-222483",
"CSAFPID-222693",
"CSAFPID-222694",
"CSAFPID-222695",
"CSAFPID-222711",
"CSAFPID-222925",
"CSAFPID-222942",
"CSAFPID-223018",
"CSAFPID-223019",
"CSAFPID-223241",
"CSAFPID-223252",
"CSAFPID-224424",
"CSAFPID-224702",
"CSAFPID-225099",
"CSAFPID-225168",
"CSAFPID-225359",
"CSAFPID-225466",
"CSAFPID-225784",
"CSAFPID-225832",
"CSAFPID-226078",
"CSAFPID-226158",
"CSAFPID-226160",
"CSAFPID-226330",
"CSAFPID-226331",
"CSAFPID-226354",
"CSAFPID-227555",
"CSAFPID-227556",
"CSAFPID-227755",
"CSAFPID-228193",
"CSAFPID-228194",
"CSAFPID-228689",
"CSAFPID-228690",
"CSAFPID-228706",
"CSAFPID-229124",
"CSAFPID-229187",
"CSAFPID-230301",
"CSAFPID-230302",
"CSAFPID-230303",
"CSAFPID-231004",
"CSAFPID-231187",
"CSAFPID-231246",
"CSAFPID-231389",
"CSAFPID-231390",
"CSAFPID-231472",
"CSAFPID-231667",
"CSAFPID-231682",
"CSAFPID-231826",
"CSAFPID-232461",
"CSAFPID-232767",
"CSAFPID-233141",
"CSAFPID-233447",
"CSAFPID-235307",
"CSAFPID-235858",
"CSAFPID-236834",
"CSAFPID-237460",
"CSAFPID-239000",
"CSAFPID-240187",
"CSAFPID-200509",
"CSAFPID-204108",
"CSAFPID-204822",
"CSAFPID-204901",
"CSAFPID-205516",
"CSAFPID-209113",
"CSAFPID-209115",
"CSAFPID-209360",
"CSAFPID-209532",
"CSAFPID-209632",
"CSAFPID-209887",
"CSAFPID-209936",
"CSAFPID-210129",
"CSAFPID-210203",
"CSAFPID-210958",
"CSAFPID-211603",
"CSAFPID-211825",
"CSAFPID-211984",
"CSAFPID-212118",
"CSAFPID-212127",
"CSAFPID-212321",
"CSAFPID-212407",
"CSAFPID-212445",
"CSAFPID-212701",
"CSAFPID-213000",
"CSAFPID-213001",
"CSAFPID-213034",
"CSAFPID-213086",
"CSAFPID-213594",
"CSAFPID-213610",
"CSAFPID-213633",
"CSAFPID-213789",
"CSAFPID-214072",
"CSAFPID-214074",
"CSAFPID-214161",
"CSAFPID-214556",
"CSAFPID-214938",
"CSAFPID-214965",
"CSAFPID-216215",
"CSAFPID-216239",
"CSAFPID-216258",
"CSAFPID-216419",
"CSAFPID-216961",
"CSAFPID-216962",
"CSAFPID-217805",
"CSAFPID-217807",
"CSAFPID-218946",
"CSAFPID-218995",
"CSAFPID-218996",
"CSAFPID-218997",
"CSAFPID-220038",
"CSAFPID-220396",
"CSAFPID-220441",
"CSAFPID-220444",
"CSAFPID-220457",
"CSAFPID-220460",
"CSAFPID-220461",
"CSAFPID-220507",
"CSAFPID-220521",
"CSAFPID-220522",
"CSAFPID-220594",
"CSAFPID-220664",
"CSAFPID-221093",
"CSAFPID-221137",
"CSAFPID-222419",
"CSAFPID-222500",
"CSAFPID-222530",
"CSAFPID-222716",
"CSAFPID-222924",
"CSAFPID-222931",
"CSAFPID-222988",
"CSAFPID-222989",
"CSAFPID-223085",
"CSAFPID-223086",
"CSAFPID-223143",
"CSAFPID-223189",
"CSAFPID-224327",
"CSAFPID-224442",
"CSAFPID-224443",
"CSAFPID-224553",
"CSAFPID-224566",
"CSAFPID-224611",
"CSAFPID-225155",
"CSAFPID-225407",
"CSAFPID-225667",
"CSAFPID-225740",
"CSAFPID-225786",
"CSAFPID-225790",
"CSAFPID-226076",
"CSAFPID-226077",
"CSAFPID-226165",
"CSAFPID-226172",
"CSAFPID-227048",
"CSAFPID-227110",
"CSAFPID-227172",
"CSAFPID-227598",
"CSAFPID-227612",
"CSAFPID-227613",
"CSAFPID-227789",
"CSAFPID-227791",
"CSAFPID-227914",
"CSAFPID-227959",
"CSAFPID-228056",
"CSAFPID-228075",
"CSAFPID-228142",
"CSAFPID-228151",
"CSAFPID-228191",
"CSAFPID-228195",
"CSAFPID-228693",
"CSAFPID-228955",
"CSAFPID-228956",
"CSAFPID-228957",
"CSAFPID-228958",
"CSAFPID-228959",
"CSAFPID-228965",
"CSAFPID-228973",
"CSAFPID-230588",
"CSAFPID-230589",
"CSAFPID-230590",
"CSAFPID-230591",
"CSAFPID-230592",
"CSAFPID-230596",
"CSAFPID-230598",
"CSAFPID-230603",
"CSAFPID-230605",
"CSAFPID-230609",
"CSAFPID-230611",
"CSAFPID-230612",
"CSAFPID-230613",
"CSAFPID-230614",
"CSAFPID-230616",
"CSAFPID-230618",
"CSAFPID-230624",
"CSAFPID-230824",
"CSAFPID-230826",
"CSAFPID-230995",
"CSAFPID-230997",
"CSAFPID-231000",
"CSAFPID-231001",
"CSAFPID-231017",
"CSAFPID-231245",
"CSAFPID-231471",
"CSAFPID-231679",
"CSAFPID-231796",
"CSAFPID-232061",
"CSAFPID-232093",
"CSAFPID-232852",
"CSAFPID-234115",
"CSAFPID-236205",
"CSAFPID-236297",
"CSAFPID-238504",
"CSAFPID-238668",
"CSAFPID-238669",
"CSAFPID-238999",
"CSAFPID-239361",
"CSAFPID-240186",
"CSAFPID-241916",
"CSAFPID-243144",
"CSAFPID-250628",
"CSAFPID-254081",
"CSAFPID-262382",
"CSAFPID-275327",
"CSAFPID-277230",
"CSAFPID-277232",
"CSAFPID-277253",
"CSAFPID-278136",
"CSAFPID-279335",
"CSAFPID-279337",
"CSAFPID-280759",
"CSAFPID-282026",
"CSAFPID-283833",
"CSAFPID-284291",
"CSAFPID-284341",
"CSAFPID-284566",
"CSAFPID-284785",
"CSAFPID-286029",
"CSAFPID-286399",
"CSAFPID-286400",
"CSAFPID-286451",
"CSAFPID-286844",
"CSAFPID-286927",
"CSAFPID-286940",
"CSAFPID-289270",
"CSAFPID-289301",
"CSAFPID-289371",
"CSAFPID-290557",
"CSAFPID-290618"
]
},
"release_date": "2018-09-26T16:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Cisco has released software updates that address this vulnerability.",
"product_ids": [
"CSAFPID-210081",
"CSAFPID-212408",
"CSAFPID-212411",
"CSAFPID-212412",
"CSAFPID-212436",
"CSAFPID-213100",
"CSAFPID-213476",
"CSAFPID-213477",
"CSAFPID-213478",
"CSAFPID-213635",
"CSAFPID-213777",
"CSAFPID-213778",
"CSAFPID-213779",
"CSAFPID-213809",
"CSAFPID-213811",
"CSAFPID-213812",
"CSAFPID-213960",
"CSAFPID-214051",
"CSAFPID-214993",
"CSAFPID-217234",
"CSAFPID-217253",
"CSAFPID-217255",
"CSAFPID-217256",
"CSAFPID-217257",
"CSAFPID-217259",
"CSAFPID-217265",
"CSAFPID-217266",
"CSAFPID-217267",
"CSAFPID-217268",
"CSAFPID-217270",
"CSAFPID-217271",
"CSAFPID-217272",
"CSAFPID-217273",
"CSAFPID-217276",
"CSAFPID-217282",
"CSAFPID-217283",
"CSAFPID-218901",
"CSAFPID-218903",
"CSAFPID-218905",
"CSAFPID-220489",
"CSAFPID-220517",
"CSAFPID-220802",
"CSAFPID-220993",
"CSAFPID-222257",
"CSAFPID-222483",
"CSAFPID-222693",
"CSAFPID-222694",
"CSAFPID-222695",
"CSAFPID-222711",
"CSAFPID-222925",
"CSAFPID-222942",
"CSAFPID-223018",
"CSAFPID-223019",
"CSAFPID-223241",
"CSAFPID-223252",
"CSAFPID-224424",
"CSAFPID-224702",
"CSAFPID-225099",
"CSAFPID-225168",
"CSAFPID-225359",
"CSAFPID-225466",
"CSAFPID-225784",
"CSAFPID-225832",
"CSAFPID-226078",
"CSAFPID-226158",
"CSAFPID-226160",
"CSAFPID-226330",
"CSAFPID-226331",
"CSAFPID-226354",
"CSAFPID-227555",
"CSAFPID-227556",
"CSAFPID-227755",
"CSAFPID-228193",
"CSAFPID-228194",
"CSAFPID-228689",
"CSAFPID-228690",
"CSAFPID-228706",
"CSAFPID-229124",
"CSAFPID-229187",
"CSAFPID-230301",
"CSAFPID-230302",
"CSAFPID-230303",
"CSAFPID-231004",
"CSAFPID-231187",
"CSAFPID-231246",
"CSAFPID-231389",
"CSAFPID-231390",
"CSAFPID-231472",
"CSAFPID-231667",
"CSAFPID-231682",
"CSAFPID-231826",
"CSAFPID-232461",
"CSAFPID-232767",
"CSAFPID-233141",
"CSAFPID-233447",
"CSAFPID-235307",
"CSAFPID-235858",
"CSAFPID-236834",
"CSAFPID-237460",
"CSAFPID-239000",
"CSAFPID-240187",
"CSAFPID-200509",
"CSAFPID-204108",
"CSAFPID-204822",
"CSAFPID-204901",
"CSAFPID-205516",
"CSAFPID-209113",
"CSAFPID-209115",
"CSAFPID-209360",
"CSAFPID-209532",
"CSAFPID-209632",
"CSAFPID-209887",
"CSAFPID-209936",
"CSAFPID-210129",
"CSAFPID-210203",
"CSAFPID-210958",
"CSAFPID-211603",
"CSAFPID-211825",
"CSAFPID-211984",
"CSAFPID-212118",
"CSAFPID-212127",
"CSAFPID-212321",
"CSAFPID-212407",
"CSAFPID-212445",
"CSAFPID-212701",
"CSAFPID-213000",
"CSAFPID-213001",
"CSAFPID-213034",
"CSAFPID-213086",
"CSAFPID-213594",
"CSAFPID-213610",
"CSAFPID-213633",
"CSAFPID-213789",
"CSAFPID-214072",
"CSAFPID-214074",
"CSAFPID-214161",
"CSAFPID-214556",
"CSAFPID-214938",
"CSAFPID-214965",
"CSAFPID-216215",
"CSAFPID-216239",
"CSAFPID-216258",
"CSAFPID-216419",
"CSAFPID-216961",
"CSAFPID-216962",
"CSAFPID-217805",
"CSAFPID-217807",
"CSAFPID-218946",
"CSAFPID-218995",
"CSAFPID-218996",
"CSAFPID-218997",
"CSAFPID-220038",
"CSAFPID-220396",
"CSAFPID-220441",
"CSAFPID-220444",
"CSAFPID-220457",
"CSAFPID-220460",
"CSAFPID-220461",
"CSAFPID-220507",
"CSAFPID-220521",
"CSAFPID-220522",
"CSAFPID-220594",
"CSAFPID-220664",
"CSAFPID-221093",
"CSAFPID-221137",
"CSAFPID-222419",
"CSAFPID-222500",
"CSAFPID-222530",
"CSAFPID-222716",
"CSAFPID-222924",
"CSAFPID-222931",
"CSAFPID-222988",
"CSAFPID-222989",
"CSAFPID-223085",
"CSAFPID-223086",
"CSAFPID-223143",
"CSAFPID-223189",
"CSAFPID-224327",
"CSAFPID-224442",
"CSAFPID-224443",
"CSAFPID-224553",
"CSAFPID-224566",
"CSAFPID-224611",
"CSAFPID-225155",
"CSAFPID-225407",
"CSAFPID-225667",
"CSAFPID-225740",
"CSAFPID-225786",
"CSAFPID-225790",
"CSAFPID-226076",
"CSAFPID-226077",
"CSAFPID-226165",
"CSAFPID-226172",
"CSAFPID-227048",
"CSAFPID-227110",
"CSAFPID-227172",
"CSAFPID-227598",
"CSAFPID-227612",
"CSAFPID-227613",
"CSAFPID-227789",
"CSAFPID-227791",
"CSAFPID-227914",
"CSAFPID-227959",
"CSAFPID-228056",
"CSAFPID-228075",
"CSAFPID-228142",
"CSAFPID-228151",
"CSAFPID-228191",
"CSAFPID-228195",
"CSAFPID-228693",
"CSAFPID-228955",
"CSAFPID-228956",
"CSAFPID-228957",
"CSAFPID-228958",
"CSAFPID-228959",
"CSAFPID-228965",
"CSAFPID-228973",
"CSAFPID-230588",
"CSAFPID-230589",
"CSAFPID-230590",
"CSAFPID-230591",
"CSAFPID-230592",
"CSAFPID-230596",
"CSAFPID-230598",
"CSAFPID-230603",
"CSAFPID-230605",
"CSAFPID-230609",
"CSAFPID-230611",
"CSAFPID-230612",
"CSAFPID-230613",
"CSAFPID-230614",
"CSAFPID-230616",
"CSAFPID-230618",
"CSAFPID-230624",
"CSAFPID-230824",
"CSAFPID-230826",
"CSAFPID-230995",
"CSAFPID-230997",
"CSAFPID-231000",
"CSAFPID-231001",
"CSAFPID-231017",
"CSAFPID-231245",
"CSAFPID-231471",
"CSAFPID-231679",
"CSAFPID-231796",
"CSAFPID-232061",
"CSAFPID-232093",
"CSAFPID-232852",
"CSAFPID-234115",
"CSAFPID-236205",
"CSAFPID-236297",
"CSAFPID-238504",
"CSAFPID-238668",
"CSAFPID-238669",
"CSAFPID-238999",
"CSAFPID-239361",
"CSAFPID-240186",
"CSAFPID-241916",
"CSAFPID-243144",
"CSAFPID-250628",
"CSAFPID-254081",
"CSAFPID-262382",
"CSAFPID-275327",
"CSAFPID-277230",
"CSAFPID-277232",
"CSAFPID-277253",
"CSAFPID-278136",
"CSAFPID-279335",
"CSAFPID-279337",
"CSAFPID-280759",
"CSAFPID-282026",
"CSAFPID-283833",
"CSAFPID-284291",
"CSAFPID-284341",
"CSAFPID-284566",
"CSAFPID-284785",
"CSAFPID-286029",
"CSAFPID-286399",
"CSAFPID-286400",
"CSAFPID-286451",
"CSAFPID-286844",
"CSAFPID-286927",
"CSAFPID-286940",
"CSAFPID-289270",
"CSAFPID-289301",
"CSAFPID-289371",
"CSAFPID-290557",
"CSAFPID-290618"
],
"url": "https://software.cisco.com"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-210081",
"CSAFPID-212408",
"CSAFPID-212411",
"CSAFPID-212412",
"CSAFPID-212436",
"CSAFPID-213100",
"CSAFPID-213476",
"CSAFPID-213477",
"CSAFPID-213478",
"CSAFPID-213635",
"CSAFPID-213777",
"CSAFPID-213778",
"CSAFPID-213779",
"CSAFPID-213809",
"CSAFPID-213811",
"CSAFPID-213812",
"CSAFPID-213960",
"CSAFPID-214051",
"CSAFPID-214993",
"CSAFPID-217234",
"CSAFPID-217253",
"CSAFPID-217255",
"CSAFPID-217256",
"CSAFPID-217257",
"CSAFPID-217259",
"CSAFPID-217265",
"CSAFPID-217266",
"CSAFPID-217267",
"CSAFPID-217268",
"CSAFPID-217270",
"CSAFPID-217271",
"CSAFPID-217272",
"CSAFPID-217273",
"CSAFPID-217276",
"CSAFPID-217282",
"CSAFPID-217283",
"CSAFPID-218901",
"CSAFPID-218903",
"CSAFPID-218905",
"CSAFPID-220489",
"CSAFPID-220517",
"CSAFPID-220802",
"CSAFPID-220993",
"CSAFPID-222257",
"CSAFPID-222483",
"CSAFPID-222693",
"CSAFPID-222694",
"CSAFPID-222695",
"CSAFPID-222711",
"CSAFPID-222925",
"CSAFPID-222942",
"CSAFPID-223018",
"CSAFPID-223019",
"CSAFPID-223241",
"CSAFPID-223252",
"CSAFPID-224424",
"CSAFPID-224702",
"CSAFPID-225099",
"CSAFPID-225168",
"CSAFPID-225359",
"CSAFPID-225466",
"CSAFPID-225784",
"CSAFPID-225832",
"CSAFPID-226078",
"CSAFPID-226158",
"CSAFPID-226160",
"CSAFPID-226330",
"CSAFPID-226331",
"CSAFPID-226354",
"CSAFPID-227555",
"CSAFPID-227556",
"CSAFPID-227755",
"CSAFPID-228193",
"CSAFPID-228194",
"CSAFPID-228689",
"CSAFPID-228690",
"CSAFPID-228706",
"CSAFPID-229124",
"CSAFPID-229187",
"CSAFPID-230301",
"CSAFPID-230302",
"CSAFPID-230303",
"CSAFPID-231004",
"CSAFPID-231187",
"CSAFPID-231246",
"CSAFPID-231389",
"CSAFPID-231390",
"CSAFPID-231472",
"CSAFPID-231667",
"CSAFPID-231682",
"CSAFPID-231826",
"CSAFPID-232461",
"CSAFPID-232767",
"CSAFPID-233141",
"CSAFPID-233447",
"CSAFPID-235307",
"CSAFPID-235858",
"CSAFPID-236834",
"CSAFPID-237460",
"CSAFPID-239000",
"CSAFPID-240187",
"CSAFPID-200509",
"CSAFPID-204108",
"CSAFPID-204822",
"CSAFPID-204901",
"CSAFPID-205516",
"CSAFPID-209113",
"CSAFPID-209115",
"CSAFPID-209360",
"CSAFPID-209532",
"CSAFPID-209632",
"CSAFPID-209887",
"CSAFPID-209936",
"CSAFPID-210129",
"CSAFPID-210203",
"CSAFPID-210958",
"CSAFPID-211603",
"CSAFPID-211825",
"CSAFPID-211984",
"CSAFPID-212118",
"CSAFPID-212127",
"CSAFPID-212321",
"CSAFPID-212407",
"CSAFPID-212445",
"CSAFPID-212701",
"CSAFPID-213000",
"CSAFPID-213001",
"CSAFPID-213034",
"CSAFPID-213086",
"CSAFPID-213594",
"CSAFPID-213610",
"CSAFPID-213633",
"CSAFPID-213789",
"CSAFPID-214072",
"CSAFPID-214074",
"CSAFPID-214161",
"CSAFPID-214556",
"CSAFPID-214938",
"CSAFPID-214965",
"CSAFPID-216215",
"CSAFPID-216239",
"CSAFPID-216258",
"CSAFPID-216419",
"CSAFPID-216961",
"CSAFPID-216962",
"CSAFPID-217805",
"CSAFPID-217807",
"CSAFPID-218946",
"CSAFPID-218995",
"CSAFPID-218996",
"CSAFPID-218997",
"CSAFPID-220038",
"CSAFPID-220396",
"CSAFPID-220441",
"CSAFPID-220444",
"CSAFPID-220457",
"CSAFPID-220460",
"CSAFPID-220461",
"CSAFPID-220507",
"CSAFPID-220521",
"CSAFPID-220522",
"CSAFPID-220594",
"CSAFPID-220664",
"CSAFPID-221093",
"CSAFPID-221137",
"CSAFPID-222419",
"CSAFPID-222500",
"CSAFPID-222530",
"CSAFPID-222716",
"CSAFPID-222924",
"CSAFPID-222931",
"CSAFPID-222988",
"CSAFPID-222989",
"CSAFPID-223085",
"CSAFPID-223086",
"CSAFPID-223143",
"CSAFPID-223189",
"CSAFPID-224327",
"CSAFPID-224442",
"CSAFPID-224443",
"CSAFPID-224553",
"CSAFPID-224566",
"CSAFPID-224611",
"CSAFPID-225155",
"CSAFPID-225407",
"CSAFPID-225667",
"CSAFPID-225740",
"CSAFPID-225786",
"CSAFPID-225790",
"CSAFPID-226076",
"CSAFPID-226077",
"CSAFPID-226165",
"CSAFPID-226172",
"CSAFPID-227048",
"CSAFPID-227110",
"CSAFPID-227172",
"CSAFPID-227598",
"CSAFPID-227612",
"CSAFPID-227613",
"CSAFPID-227789",
"CSAFPID-227791",
"CSAFPID-227914",
"CSAFPID-227959",
"CSAFPID-228056",
"CSAFPID-228075",
"CSAFPID-228142",
"CSAFPID-228151",
"CSAFPID-228191",
"CSAFPID-228195",
"CSAFPID-228693",
"CSAFPID-228955",
"CSAFPID-228956",
"CSAFPID-228957",
"CSAFPID-228958",
"CSAFPID-228959",
"CSAFPID-228965",
"CSAFPID-228973",
"CSAFPID-230588",
"CSAFPID-230589",
"CSAFPID-230590",
"CSAFPID-230591",
"CSAFPID-230592",
"CSAFPID-230596",
"CSAFPID-230598",
"CSAFPID-230603",
"CSAFPID-230605",
"CSAFPID-230609",
"CSAFPID-230611",
"CSAFPID-230612",
"CSAFPID-230613",
"CSAFPID-230614",
"CSAFPID-230616",
"CSAFPID-230618",
"CSAFPID-230624",
"CSAFPID-230824",
"CSAFPID-230826",
"CSAFPID-230995",
"CSAFPID-230997",
"CSAFPID-231000",
"CSAFPID-231001",
"CSAFPID-231017",
"CSAFPID-231245",
"CSAFPID-231471",
"CSAFPID-231679",
"CSAFPID-231796",
"CSAFPID-232061",
"CSAFPID-232093",
"CSAFPID-232852",
"CSAFPID-234115",
"CSAFPID-236205",
"CSAFPID-236297",
"CSAFPID-238504",
"CSAFPID-238668",
"CSAFPID-238669",
"CSAFPID-238999",
"CSAFPID-239361",
"CSAFPID-240186",
"CSAFPID-241916",
"CSAFPID-243144",
"CSAFPID-250628",
"CSAFPID-254081",
"CSAFPID-262382",
"CSAFPID-275327",
"CSAFPID-277230",
"CSAFPID-277232",
"CSAFPID-277253",
"CSAFPID-278136",
"CSAFPID-279335",
"CSAFPID-279337",
"CSAFPID-280759",
"CSAFPID-282026",
"CSAFPID-283833",
"CSAFPID-284291",
"CSAFPID-284341",
"CSAFPID-284566",
"CSAFPID-284785",
"CSAFPID-286029",
"CSAFPID-286399",
"CSAFPID-286400",
"CSAFPID-286451",
"CSAFPID-286844",
"CSAFPID-286927",
"CSAFPID-286940",
"CSAFPID-289270",
"CSAFPID-289301",
"CSAFPID-289371",
"CSAFPID-290557",
"CSAFPID-290618"
]
}
],
"title": "Cisco IOS and IOS XE Software Plug and Play Agent Memory Leak Vulnerability"
}
]
}
ICSA-19-094-02
Vulnerability from csaf_cisa - Published: 2019-04-04 00:00 - Updated: 2019-04-04 00:00Summary
Rockwell Automation Stratix 5400/5410/5700 and ArmorStratix 5700
Notes
CISA Disclaimer
This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov
Legal Notice
All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Risk evaluation
Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to cause a memory leak on an affected device, which may cause the device to reload.
Critical infrastructure sectors
Critical Manufacturing, Energy, Water and Wastewater Systems
Countries/areas deployed
Worldwide
Company headquarters location
United States
Recommended Practices
NCCIC recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:
Recommended Practices
NCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.NCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices
Additional mitigation guidance and recommended practices are publicly available on the ICS-CERT website in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.
Exploitability
No known public exploits specifically target this vulnerability.
{
"document": {
"acknowledgments": [
{
"organization": "Rockwell Automation",
"summary": "reporting this vulnerability to NCCIC"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
"title": "CISA Disclaimer"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "summary",
"text": "Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to cause a memory leak on an affected device, which may cause the device to reload.",
"title": "Risk evaluation"
},
{
"category": "other",
"text": "Critical Manufacturing, Energy, Water and Wastewater Systems",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "United States",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "NCCIC recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "NCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.NCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Additional mitigation guidance and recommended practices are publicly available on the ICS-CERT website in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.",
"title": "Recommended Practices"
},
{
"category": "other",
"text": "No known public exploits specifically target this vulnerability.",
"title": "Exploitability"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSA-19-094-02 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2019/icsa-19-094-02.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-19-094-02 Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-19-094-02"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "Rockwell Automation Stratix 5400/5410/5700 and ArmorStratix 5700",
"tracking": {
"current_release_date": "2019-04-04T00:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-19-094-02",
"initial_release_date": "2019-04-04T00:00:00.000000Z",
"revision_history": [
{
"date": "2019-04-04T00:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "ICSA-19-094-02 Rockwell Automation Stratix 5400/5410 and ArmorStratix 5700"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c 15.2(6)E2a",
"product": {
"name": "Allen-Bradley Stratix 5400: All versions prior to 15.2(6)E2a",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "Allen-Bradley Stratix 5400"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c 15.2(6)E2a",
"product": {
"name": "Allen-Bradley Stratix 5410: All versions prior to 15.2(6)E2a",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "Allen-Bradley Stratix 5410"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c 15.2(6)E2a",
"product": {
"name": "Allen-Bradley ArmorStratix 5700: All versions prior to 15.2(6)E2a",
"product_id": "CSAFPID-0003"
}
}
],
"category": "product_name",
"name": "Allen-Bradley ArmorStratix 5700"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c 15.2(6)E2a",
"product": {
"name": "Allen-Bradley Stratix 5700: All versions prior to 15.2(6)E2a",
"product_id": "CSAFPID-0004"
}
}
],
"category": "product_name",
"name": "Allen-Bradley Stratix 5700"
}
],
"category": "vendor",
"name": "Rockwell Automation"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-15377",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "summary",
"text": "An unauthenticated remote attacker could send invalid data to the Cisco Network Plug and Play agent (also referred to as the Cisco Open Plug-n-Play agent) causing a memory leak on the device, which could cause the device to reload.CVE-2018-15377 has been assigned to this vulnerability. A CVSS v3 base score of 6.8 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-15377"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Rockwell automation recommends users upgrade to FRN 15.2(6)E2a or later",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "http://compatibility.rockwellautomation.com/Pages/MultiProductDownload.aspx?famID=15"
},
{
"category": "mitigation",
"details": "Utilize proper network infrastructure controls, such as firewalls, to help ensure that requests from unauthorized sources are blocked and the controls are isolated from the business network.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "mitigation",
"details": "Block all traffic to EtherNet/IP, or other CIP protocol-based devices, from outside the manufacturing zone by blocking or restricting access to TCP and UDP Port 2222 and Port 44818 using proper network infrastructure controls, such as firewalls, UTM devices, or other security appliances. For more information on TCP/UDP ports used by Rockwell Automation Products, see Knowledgebase Article ID 898270.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "mitigation",
"details": "Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "mitigation",
"details": "When remote access is required, use secure methods, such as virtual private networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as secure as the connected devices.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "mitigation",
"details": "For additional information, see Rockwell Automation\u0027s security advisory",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1082686"
},
{
"category": "mitigation",
"details": "Cisco\u0027s product security disclosure is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-pnp-memleak",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-pnp-memleak"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
}
]
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…