CVE-2018-0158 - Vulnerability Details

A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak or a reload of an affected device that leads to a denial of service (DoS) condition. The vulnerability is due to incorrect processing of certain IKEv2 packets. An attacker could exploit this vulnerability by sending crafted IKEv2 packets to an affected device to be processed. A successful exploit could cause an affected device to continuously consume memory and eventually reload, resulting in a DoS condition. Cisco Bug IDs: CSCvf22394.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

This CVE is in the KEV database since March 3, 2022.

The EPSS score is 0.1498.

Exploitation active

Automatable yes

Technical Impact partial

Vendors	Products
Cisco	Asr 1001-hx Asr 1001-x Asr 1002-hx Asr 1002-x Asr 1004 Asr 1006 Asr 1006-x Asr 1009-x Asr 1013 Ios Ios Xe
Rockwellautomation	Allen-bradley Stratix 5900

Configuration 1 [-]

AND

OR	cpe:2.3:o:cisco:ios:15.5\(3\)s1.1:::::::*
	cpe:2.3:o:cisco:ios:15.5\(3\)s1.2:::::::*
	cpe:2.3:o:cisco:ios:15.5\(3\)s1.4:::::::*
	cpe:2.3:o:cisco:ios:15.5\(3\)s1.5:::::::*
	cpe:2.3:o:cisco:ios:15.5\(3\)s1.7:::::::*
	cpe:2.3:o:cisco:ios:15.5\(3\)s1.8:::::::*
	cpe:2.3:o:cisco:ios:15.5\(3\)s1.9:::::::*
	cpe:2.3:o:cisco:ios:15.5\(3\)s1.10:::::::*
	cpe:2.3:o:cisco:ios:15.5\(3\)s1.11:::::::*
	cpe:2.3:o:cisco:ios:15.5\(3\)s1.12:::::::*

OR	cpe:2.3:h:cisco:asr_1001-hx:-:::::::*
	cpe:2.3:h:cisco:asr_1001-x:-:::::::*
	cpe:2.3:h:cisco:asr_1002-hx:-:::::::*
	cpe:2.3:h:cisco:asr_1002-x:-:::::::*
	cpe:2.3:h:cisco:asr_1004:-:::::::*
	cpe:2.3:h:cisco:asr_1006:-:::::::*
	cpe:2.3:h:cisco:asr_1006-x:-:::::::*
	cpe:2.3:h:cisco:asr_1009-x:-:::::::*
	cpe:2.3:h:cisco:asr_1013:-:::::::*

Configuration 2 [-]

AND

OR	cpe:2.3:o:cisco:ios_xe:15.5\(3\)s1.1:::::::*
	cpe:2.3:o:cisco:ios_xe:15.5\(3\)s1.2:::::::*
	cpe:2.3:o:cisco:ios_xe:15.5\(3\)s1.4:::::::*
	cpe:2.3:o:cisco:ios_xe:15.5\(3\)s1.5:::::::*
	cpe:2.3:o:cisco:ios_xe:15.5\(3\)s1.7:::::::*
	cpe:2.3:o:cisco:ios_xe:15.5\(3\)s1.8:::::::*
	cpe:2.3:o:cisco:ios_xe:15.5\(3\)s1.9:::::::*
	cpe:2.3:o:cisco:ios_xe:15.5\(3\)s1.10:::::::*
	cpe:2.3:o:cisco:ios_xe:15.5\(3\)s1.11:::::::*
	cpe:2.3:o:cisco:ios_xe:15.5\(3\)s1.12:::::::*

OR	cpe:2.3:h:cisco:asr_1001-hx:-:::::::*
	cpe:2.3:h:cisco:asr_1001-x:-:::::::*
	cpe:2.3:h:cisco:asr_1002-hx:-:::::::*
	cpe:2.3:h:cisco:asr_1002-x:-:::::::*
	cpe:2.3:h:cisco:asr_1004:-:::::::*
	cpe:2.3:h:cisco:asr_1006:-:::::::*
	cpe:2.3:h:cisco:asr_1006-x:-:::::::*
	cpe:2.3:h:cisco:asr_1009-x:-:::::::*
	cpe:2.3:h:cisco:asr_1013:-:::::::*

Configuration 3 [-]

AND

OR	cpe:2.3:o:cisco:ios:15.5\(3\)s1.1:::::::*
	cpe:2.3:o:cisco:ios:15.5\(3\)s1.2:::::::*
	cpe:2.3:o:cisco:ios:15.5\(3\)s1.4:::::::*
	cpe:2.3:o:cisco:ios:15.5\(3\)s1.5:::::::*
	cpe:2.3:o:cisco:ios:15.5\(3\)s1.7:::::::*
	cpe:2.3:o:cisco:ios:15.5\(3\)s1.8:::::::*
	cpe:2.3:o:cisco:ios:15.5\(3\)s1.9:::::::*
	cpe:2.3:o:cisco:ios:15.5\(3\)s1.10:::::::*
	cpe:2.3:o:cisco:ios:15.5\(3\)s1.11:::::::*
	cpe:2.3:o:cisco:ios:15.5\(3\)s1.12:::::::*
	cpe:2.3:o:cisco:ios_xe:15.5\(3\)s1.1:::::::*
	cpe:2.3:o:cisco:ios_xe:15.5\(3\)s1.2:::::::*
	cpe:2.3:o:cisco:ios_xe:15.5\(3\)s1.4:::::::*
	cpe:2.3:o:cisco:ios_xe:15.5\(3\)s1.5:::::::*
	cpe:2.3:o:cisco:ios_xe:15.5\(3\)s1.7:::::::*
	cpe:2.3:o:cisco:ios_xe:15.5\(3\)s1.8:::::::*
	cpe:2.3:o:cisco:ios_xe:15.5\(3\)s1.9:::::::*
	cpe:2.3:o:cisco:ios_xe:15.5\(3\)s1.10:::::::*
	cpe:2.3:o:cisco:ios_xe:15.5\(3\)s1.11:::::::*
	cpe:2.3:o:cisco:ios_xe:15.5\(3\)s1.12:::::::*

cpe:2.3:h:rockwellautomation:allen-bradley_stratix_5900:-:*:*:*:*:*:*:*

No data.

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://www.securityfocus.com/bid/103566
http://www.securitytracker.com/id/1040595
https://ics-cert.us-cert.gov/advisories/ICSA-18-107-03
https://ics-cert.us-cert.gov/advisories/ICSA-18-107-04
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-ike
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-0158

History

Wed, 22 Oct 2025 00:15:00 +0000

Type	Values Removed	Values Added
References		https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-0158

Tue, 21 Oct 2025 20:30:00 +0000

Type	Values Removed	Values Added
References	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-0158

Tue, 21 Oct 2025 19:30:00 +0000

Type	Values Removed	Values Added
References		https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-0158

Fri, 15 Nov 2024 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		kev `{'dateAdded': '2022-03-03'}` ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2018-03-28T22:00:00.000Z

Updated: 2025-10-21T23:45:54.255Z

Reserved: 2017-11-27T00:00:00.000Z

Link: CVE-2018-0158

Vulnrichment

Updated: 2024-08-05T03:14:17.087Z

NVD

Status : Analyzed

Published: 2018-03-28T22:29:00.547

Modified: 2025-10-27T18:00:24.043

Link: CVE-2018-0158

Redhat

No data.

OpenCVE Enrichment

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

Exploitation active

Automatable yes

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object