What is CVE-2018-0155?

A high-severity vulnerability affecting Cisco Catalyst 4500 Series Switches can lead to a denial-of-service condition. Organizations are urged to apply patches immediately to mitigate risks associated with this vulnerability.

What is the severity of CVE-2018-0155?

CVE-2018-0155 has a severity rating of HIGH with a CVSS base score of 8.6.

CVE-2018-0155 | High Vulnerability in Cisco Catalyst 4500 Series Switches

Q: Is CVE-2018-0155 in CISA KEV?

Yes. CVE-2018-0155 is listed in the CISA Known Exploited Vulnerabilities (KEV) catalog. Organizations should prioritize remediation.

A vulnerability in the Bidirectional Forwarding Detection (BFD) offload implementation of Cisco Catalyst 4500 Series Switches and Cisco Catalyst 4500-X Series Switches could allow an unauthenticated, remote attacker to cause a crash of the iosd process, causing a denial of service (DoS) condition. The vulnerability is due to insufficient error handling when the BFD header in a BFD packet is incomplete. An attacker could exploit this vulnerability by sending a crafted BFD message to or across an affected switch. A successful exploit could allow the attacker to trigger a reload of the system. This vulnerability affects Catalyst 4500 Supervisor Engine 6-E (K5), Catalyst 4500 Supervisor Engine 6L-E (K10), Catalyst 4500 Supervisor Engine 7-E (K10), Catalyst 4500 Supervisor Engine 7L-E (K10), Catalyst 4500E Supervisor Engine 8-E (K10), Catalyst 4500E Supervisor Engine 8L-E (K10), Catalyst 4500E Supervisor Engine 9-E (K10), Catalyst 4500-X Series Switches (K10), Catalyst 4900M Switch (K5), Catalyst 4948E Ethernet Switch (K5). Cisco Bug IDs: CSCvc40729.

Vulnerability Details

The vulnerability allows an unauthenticated attacker to crash the iosd process on the affected devices, leading to a denial-of-service condition. It has a CVSS score of 8.6, categorizing it as high severity. Organizations should take this vulnerability seriously, especially since the attack complexity is low and no privileges or user interaction are required.

Technical Analysis

The root cause of this vulnerability stems from insufficient error handling in the BFD implementation. The attack vector is network-based, allowing remote exploitation. The attack complexity is low, meaning that an attacker can launch an attack without significant effort. No privileges are required to initiate an attack, and user interaction is not necessary. The impact on availability is high, as a successful attack can cause the system to reload, disrupting services.

Risk & Impact Analysis

Risk to organizations includes potential service interruptions due to system crashes, which can affect business operations. Given the high CVSS score and the fact that this vulnerability is included in the Known Exploited Vulnerabilities (KEV) catalog, organizations should prioritize patching immediately. The blast radius of such an attack could be significant, affecting multiple devices within a network.

Exploitation Status

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	Yes
Ransomware Use	No

Affected Versions

All versions prior to vendor patch are affected, specifically those running Cisco IOS version 3.6(2)e and Cisco IOS XE version 3.6(2)e.

Mitigation & Remediation

Organizations should apply updates per vendor instructions to mitigate this vulnerability. If patches are not available, implementing network controls and monitoring for unusual traffic patterns can help reduce risk. For comprehensive testing and validation, organizations should consider engaging in penetration testing to identify and remediate vulnerabilities.

Detection Guidance

Monitoring logs for unusual BFD traffic patterns can help in early detection of exploitation attempts. Additionally, organizations should look for system reloads or crashes in their operational logs that may indicate an attempted attack.

AppSecure Threat Intelligence Insight

This vulnerability highlights the importance of robust error handling in network protocols. It represents a pattern of vulnerabilities that can lead to significant system disruptions. Security teams should prioritize regular vulnerability assessments and implement a vulnerability management program to keep their defenses up-to-date. For organizations utilizing Cisco products, regular engagement with security advisories is crucial to mitigate risks associated with known vulnerabilities.

To enhance security posture, organizations can also benefit from conducting regular penetration testing that helps identify weaknesses in their systems.

Engaging in proactive security measures, such as threat modeling and regular assessments, can significantly reduce the risk posed by vulnerabilities like CVE-2018-0155. By staying informed and prepared, organizations can better protect their critical infrastructure.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2018-0155: High Vulnerability in Cisco Catalyst 4500 Series Switches