Actively exploited vulnerability

CVE-2018-0171: Cisco IOS and IOS XE Software Smart Install Remote Code Execution Vulnerability

Cisco IOS and IOS XE Software improperly validates packet data, allowing an unauthenticated, remote attacker to trigger a reload of an affected device, cause a denial-of-service (DoS) condition, or perform code execution on the affected device.

CISA KEV source 3 Nov 2021 added 3 May 2022 remediation due

Affected product

Cisco ยท IOS and IOS XE

Known ransomware use: Unknown

Required action

Follow the source advisory and validate exposure in your environment.

Apply updates per vendor instructions.

Related Yasna coverage

Recent reporting that mentions CVE-2018-0171.