LiveActive security incident?Get immediate response
CVE Record

CVE-2018-0158: A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS Software and Cisco IOS X...

A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak or a reload of an affected device that leads to a denial of service (DoS) condition. The vulnerability is due to incorrect processing of certain IKEv2 packets. An attacker could exploit this vulnerability by sending crafted IKEv2 packets to an affected device to be processed. A successful exploit could cause an affected device to continuously consume memory and eventually reload, resulting in a DoS condition. Cisco Bug IDs: CSCvf22394.

HighCVSS 8.6Known exploitedUpdated
Glexia's TakeAutomated analysishigh

Security readout for executives and security teams

Plain-English summary

CVE-2018-0158 can let an unauthenticated remote attacker crash or exhaust memory on affected Cisco IOS and IOS XE devices. The business impact is service disruption, especially for routers, VPN gateways, and operational networks that rely on device availability.

Executive priority

Prioritize remediation for exposed Cisco infrastructure because the issue is remotely reachable, requires no authentication, affects availability, and appears in CISA KEV. Treat this as urgent where outages would disrupt connectivity, VPN access, or operational environments.

Technical view

The flaw is in Cisco IOS and IOS XE IKEv2 packet processing. Incorrect handling of certain IKEv2 packets can cause memory leakage or device reload, producing denial of service. CVSS 3.1 is 8.6 with network access, low complexity, no privileges, and high availability impact.

Likely exposure

Exposure is most likely on Cisco IOS or IOS XE devices running affected software where IKEv2 processing is enabled and reachable from untrusted networks, partners, or the internet. The bundle does not provide specific fixed release mappings.

Exploitation context

CISA KEV status means this CVE is listed as known exploited. The provided Cisco/CVE description supports remote unauthenticated denial of service, but does not include exploit details, campaign context, or proof-of-concept status.

Researcher notes

Evidence supports CWE-20 style improper input processing in IKEv2. Keep analysis bounded to denial of service; sources do not indicate confidentiality or integrity impact. Use vendor documentation for exact affected and fixed releases rather than extrapolating platform coverage.

Mitigation direction

  • Check Cisco's advisory for affected releases and fixed software guidance.
  • Upgrade or remediate vulnerable Cisco IOS and IOS XE devices per Cisco guidance.
  • Restrict IKEv2 reachability to trusted peers where operationally feasible.
  • Prioritize internet-facing and operationally critical routing or VPN devices.
  • Monitor for memory exhaustion, unexpected reloads, and IKEv2-related anomalies.

Validation and detection

  • Inventory Cisco IOS and IOS XE devices and record software versions.
  • Determine where IKEv2 is enabled and reachable from untrusted networks.
  • Compare versions and configurations against the Cisco advisory.
  • Review device logs for reloads, memory pressure, or IKEv2 processing errors.
  • Confirm post-remediation devices are no longer on vulnerable releases.
Prepared
Confidence
high
Sources
6

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cwe · low confidence lookup

CWE-20: Exact CWE lookup

Use the exact CWE identifier as the starting point before reviewing related ATT&CK behavior. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.

Open ATT&CK lookup
cve · low confidence lookup

CVE-2018-0158 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
High
CVSS
8.6 (3.1)
Known Exploited
Yes
Published

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

1CVSS vectors
0Timeline events
0ADP providers
5Source links

CISA KEV status

Status
Known exploited
Source
CISA / ADP
Date added
Not provided

CVSS vector scores

1 official score

We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.

ScoreVersionSeverityVectorExploitImpactSource
8.6CVSS 3.1HighCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H3.94Primary CVE score

Vulnerability scoring details

Base CVSS 3.1 score

8.6High
CVSS 3.1 vector shape for CVE-2018-0158Attack VectorAttack ComplexityPrivileges RequiredUser InteractionScopeConfidentiality ImpactIntegrity ImpactAvailability Impact

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Attack Vector
NetworkAdjacentLocalPhysical
Attack Complexity
LowHigh
Privileges Required
NoneLowHigh
User Interaction
NoneRequired
Scope
ChangedUnchanged
Confidentiality Impact
HighLowNone
Integrity Impact
HighLowNone
Availability Impact
HighLowNone
Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
n/aCisco IOS and IOS XECisco IOS and IOS XEListed
Weakness

CWE details

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.