- Description
- A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition, or to execute arbitrary code on an affected device. The vulnerability is due to improper validation of packet data. An attacker could exploit this vulnerability by sending a crafted Smart Install message to an affected device on TCP port 4786. A successful exploit could allow the attacker to cause a buffer overflow on the affected device, which could have the following impacts: Triggering a reload of the device, Allowing the attacker to execute arbitrary code on the device, Causing an indefinite loop on the affected device that triggers a watchdog crash. Cisco Bug IDs: CSCvg76186.
- Source
- psirt@cisco.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 2.0
- Type
- Primary
- Base score
- 10
- Impact score
- 10
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:C/I:C/A:C
Data from CISA
- Vulnerability name
- Cisco IOS and IOS XE Software Smart Install Remote Code Execution Vulnerability
- Exploit added on
- Nov 3, 2021
- Exploit action due
- May 3, 2022
- Required action
- Apply updates per vendor instructions.
- Hype score
- Not currently trending
Question 2 - Amelia Larson (refresh for new alias) An extremely advanced infiltration codenamed "Salt Typhoon" referencing CVE-2018-0171 and CVE-2023-20198 is threatening Canada's security. This question is far more difficult than previous ones, with three distinct part @NSAGov
@EnigmaTyphoon
31 Mar 2025
35 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
amphetamine is not prescribed in china at most you get 15mg concerta per day; so you guys still got CVE-2018-0171 and CVE-2023-20198 and didn't know how to patch huh? @NSAGov spanking H1B spanking ... the systemic problems remain
@EnigmaTyphoon
30 Mar 2025
103 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Ongoing attacks linked to the Salt Typhoon group exploit Cisco vulnerabilities CVE-2018-0171 and CVE-2023-20198, targeting telecom sectors. Significant breaches reported. #CiscoSecurity #China #VulnerabilityExploitation link: https://t.co/T2RU9MUNaZ https://t.co/RW7WZeshHE
@TweetThreatNews
26 Feb 2025
59 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
シスコ社ネットワーク機器の脆弱性CVE-2023-20198を110のIPアドレスが積極的に攻撃している。GreyNoise社報告。中国のSalt Typhoon集団による大手電気通信事業者へのハッキングと関連しており、CVE-2018-0171の悪用も見られる。 https://t.co/LRya8zN4EO
@__kokumoto
25 Feb 2025
720 Impressions
0 Retweets
5 Likes
6 Bookmarks
0 Replies
0 Quotes
Cisco機器を標的とした攻撃が活発化し、国家支援グループを含む攻撃者が未修正の脆弱性を悪用。 CVE-2023-20198(特権昇格, CVSS 10.0)は110の悪意あるIP(ブルガリア38%、ブラジル27%、シンガポール19%)から攻撃され、攻撃件数は2024年10月以降3倍に増加。 また、7年前のCVE-2018-0171(Smart… https://t.co/PW34ciL9Ne
@yousukezan
25 Feb 2025
2275 Impressions
2 Retweets
24 Likes
8 Bookmarks
0 Replies
0 Quotes
🚨 Exploitation: Salt Typhoon-Linked CVEs 🚨 🔹 CVE-2023-20198 – 110+ IPs (🇧🇬🇧🇷🇸🇬) 🔹 CVE-2018-0171 – Attempts from 🇨🇭🇺🇸https://t.co/4XtqUm2Pds #salttyphoon #cve
@GreyNoiseIO
24 Feb 2025
1007 Impressions
2 Retweets
8 Likes
5 Bookmarks
0 Replies
0 Quotes
سوءاستفاده هکرهای Salt Typhoon از CVE-2018-0171 برای نفوذ به شبکههای مخابراتی #Cyber_Security_News #اخبار_امنیت_سایبری #CVE_2018_0171 #CVE_2023_20198 #CVE_2023_20273 #Salt_Typhoon https://t.co/N47vmMiOMv
@vulnerbyte
22 Feb 2025
35 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ios:15.2\\(5\\)e:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F112DE64-0042-4FB9-945D-3107468193E5"
}
],
"operator": "OR"
}
]
}
]