Kwetsbaarheid CVE-2018-0484

A Vulnerability In The Access Control Logic Of The Secure Shell (SSH) Server Of Cisco IOS And IOS XE Software May Allow Connections Sourced From A Virtual Routing And Forwarding (VRF) Instance Despite The Absence Of The Vrf-also Keyword In The Access-class Configuration. The Vulnerability Is Due To A Missing Check In The SSH Server. An Attacker Could Use This Vulnerability To Open An SSH Connection To An Affected Cisco IOS Or IOS XE Device With A Source Address Belonging To A VRF Instance. Once Connected, The Attacker Would Still Need To Provide Valid Credentials To Access The Device.

Algemeen

CVE
CVE-2018-0484
Leverancier(s) betrokken
Omschrijving
A Vulnerability In The Access Control Logic Of The Secure Shell (SSH) Server Of Cisco IOS And IOS XE Software May Allow Connections Sourced From A Virtual Routing And Forwarding (VRF) Instance Despite The Absence Of The Vrf-also Keyword In The Access-class Configuration. The Vulnerability Is Due To A Missing Check In The SSH Server. An Attacker Could Use This Vulnerability To Open An SSH Connection To An Affected Cisco IOS Or IOS XE Device With A Source Address Belonging To A VRF Instance. Once Connected, The Attacker Would Still Need To Provide Valid Credentials To Access The Device.
Publicatie
Donderdag, 10 Januari 2019
Gewijzigd
Woensdag, 16 Januari 2019 15:00
Ernst

Referenties

Modificatie geschiedenis

Geef hieronder je email adres op en word op de hoogte gehouden van aanpassingen aan deze CVE