Vulnerabilities ›

CVE-2018-0154

Critical 🇺🇸 CISA KEV ⚡ Exploit Available

                    Published: Mar 3, 2022                                          ·  Source: CISA_KEV                

CVSS v3

9.0

🔗 NVD Official

📄 Description (English)

Cisco IOS Software Integrated Services Module for VPN Denial-of-Service Vulnerability — A vulnerability in the crypto engine of the Cisco Integrated Services Module for VPN (ISM-VPN) running Cisco IOS Software could allow an unauthenticated, remote attacker to cause a denial-of-service (DoS) condition.

🤖 AI Executive Summary

CVE-2018-0154 is a critical vulnerability (CVSS 9.0) in the crypto engine of Cisco Integrated Services Module for VPN (ISM-VPN) running Cisco IOS Software that allows an unauthenticated, remote attacker to cause a denial-of-service (DoS) condition. The vulnerability can be exploited remotely without authentication, and exploit code is publicly available, significantly increasing the risk of active exploitation. Organizations relying on Cisco ISM-VPN modules for secure communications face potential disruption of VPN services, impacting business continuity and secure connectivity. A patch is available from Cisco and should be applied immediately.

📄 Description (Arabic)

🤖 AI Intelligence Analysis Analyzed: Apr 9, 2026 11:01

🇸🇦 Saudi Arabia Impact Assessment

This vulnerability poses significant risk to Saudi organizations heavily dependent on Cisco VPN infrastructure, particularly in the banking sector (SAMA-regulated institutions), government agencies (NCA-governed networks), energy sector (ARAMCO and petrochemical companies), and telecom providers (STC, Mobily, Zain). VPN services are critical for secure remote access and site-to-site connectivity across Saudi Arabia's geographically distributed infrastructure. A DoS attack on VPN modules could disrupt secure communications for critical national infrastructure, remote workforce connectivity, and inter-branch banking operations. Given Saudi Vision 2030's digital transformation initiatives, VPN availability is essential for maintaining secure digital services.

🏢 Affected Saudi Sectors

Banking Government Energy Telecommunications Healthcare Defense Transportation

⚖️ Saudi Risk Score (AI)

8.5

/ 10.0

🔧 Remediation Steps (English)

Immediate Actions:

1. Identify all Cisco ISM-VPN modules running affected Cisco IOS Software versions in your environment.

2. Apply the Cisco security patch immediately — refer to Cisco Security Advisory cisco-sa-20180328-ism for specific fixed software versions.

3. If immediate patching is not possible, implement compensating controls:

   - Apply access control lists (ACLs) to restrict traffic to VPN modules from trusted sources only.

   - Enable rate limiting on interfaces connected to ISM-VPN modules.

   - Deploy IPS/IDS signatures to detect exploitation attempts.

4. Monitor VPN module health and crypto engine performance for anomalies.

5. Ensure redundant VPN infrastructure is in place to maintain availability during patching.



Detection Rules:

- Monitor for unusual traffic patterns targeting VPN crypto engine services.

- Set up SNMP alerts for ISM-VPN module crashes or reloads.

- Implement Snort/Suricata rules for known exploit signatures related to this CVE.

- Review syslog for crypto engine error messages.

🔧 خطوات المعالجة (العربية)

الإجراءات الفورية:

1. تحديد جميع وحدات Cisco ISM-VPN التي تعمل بإصدارات Cisco IOS المتأثرة في بيئتكم.

2. تطبيق تصحيح Cisco الأمني فوراً — الرجوع إلى نشرة Cisco الأمنية cisco-sa-20180328-ism للحصول على إصدارات البرامج المصححة.

3. في حال عدم إمكانية التصحيح الفوري، تطبيق ضوابط تعويضية:

- تطبيق قوائم التحكم بالوصول (ACLs) لتقييد حركة المرور إلى وحدات VPN من المصادر الموثوقة فقط.

- تفعيل تحديد معدل الحركة على الواجهات المتصلة بوحدات ISM-VPN.

- نشر توقيعات IPS/IDS للكشف عن محاولات الاستغلال.

4. مراقبة صحة وحدة VPN وأداء محرك التشفير للكشف عن أي شذوذ.

5. التأكد من وجود بنية تحتية VPN احتياطية للحفاظ على التوافر أثناء التصحيح.

قواعد الكشف:

- مراقبة أنماط حركة المرور غير العادية التي تستهدف خدمات محرك تشفير VPN.

- إعداد تنبيهات SNMP لأعطال أو إعادة تشغيل وحدة ISM-VPN.

- تطبيق قواعد Snort/Suricata لتوقيعات الاستغلال المعروفة المتعلقة بهذه الثغرة.

- مراجعة سجلات النظام للكشف عن رسائل أخطاء محرك التشفير.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

ECC-2:3-1 (Network Security) ECC-2:3-3 (Vulnerability Management) ECC-2:5-1 (Business Continuity) ECC-2:2-4 (Patch Management)

🔵 SAMA CSF

3.3.3 (Network Security Management) 3.3.4 (Vulnerability Management) 3.4.1 (Business Continuity Management) 3.3.7 (Cryptographic Controls)

🟡 ISO 27001:2022

A.8.8 (Management of technical vulnerabilities) A.8.20 (Networks security) A.8.24 (Use of cryptography) A.5.30 (ICT readiness for business continuity)

🟣 PCI DSS v4.0

PCI DSS 6.3.3 (Patching critical vulnerabilities) PCI DSS 1.2 (Network security controls) PCI DSS 11.5 (Network intrusion detection)

🔗 References & Sources 0

No references.

📦 Affected Products / CPE 1 entries

Cisco:IOS Software

📊 CVSS Score

9.0

/ 10.0 — Critical

📋 Quick Facts

Severity Critical

CVSS Score9.0

EPSS8.96%

Exploit ✓ Yes

Patch ✓ Yes

CISA KEV🇺🇸 Yes

KEV Due Date2022-03-17

Published 2022-03-03

Source Feed cisa_kev

🇸🇦 Saudi Risk Score

8.5

/ 10.0 — Saudi Risk

🏷️ Tags

kev actively-exploited

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2018-0154

Introduce Yourself

Sign In Required