CVE DATABASE / CVE-2018-0180

CVE-2018-0180

Cisco IOS Software Denial-of-Service Vulnerability

CVSS 5.9 · MEDIUM ⚠ CISA KEV — ACTIVELY EXPLOITED

On the CISA KEV catalog

Confirmed exploited in the wild. Added 2022-03-03. Federal remediation due 2022-03-17.
Required action: Apply updates per vendor instructions.

Summary

Multiple vulnerabilities in the Login Enhancements (Login Block) feature of Cisco IOS Software could allow an unauthenticated, remote attacker to trigger a reload of an affected system, resulting in a denial of service (DoS) condition. These vulnerabilities affect Cisco devices that are running Cisco IOS Software Release 15.4(2)T, 15.4(3)M, or 15.4(2)CG and later. Cisco Bug IDs: CSCuy32360, CSCuz60599.

CVSS 3.1 breakdown

Base score	5.9 (MEDIUM)
Vector	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack vector	NETWORK
Attack complexity	HIGH
Privileges required	NONE
User interaction	NONE
Scope	UNCHANGED
Confidentiality	NONE
Integrity	NONE
Availability	HIGH

Weakness type (CWE)

CWE-399

Affected products

Cisco iosCisco 3925 integrated services routerCisco 3925e integrated services routerCisco 3945 integrated services routerCisco 3945e integrated services routerCisco 1000 integrated services routerCisco 1100-4g\/6g integrated services routerCisco 1100-4g integrated services routerCisco 1100-4gltegb integrated services routerCisco 1100-4gltena integrated services routerCisco 1100-4p integrated services routerCisco 1100-6g integrated services routerCisco 1100-8p integrated services routerCisco 1100-lte integrated services routerCisco 1100 integrated services routerCisco 1101-4p integrated services routerCisco 1101 integrated services routerCisco 1109-2p integrated services routerCisco 1109-4p integrated services routerCisco 1109 integrated services router

Check this CVE live

Use our free CVE Lookup tool for the latest NVD record, or browse the full CISA KEV catalog.

References

Data: NIST NVD + CISA KEV. NVD last modified 2026-01-14. Always verify against the vendor advisory before acting.