CVE-2018-0156

7.5
HIGHCVSS v3.1 Base Score
15.53%
LOW RiskEPSS (95th percentile)
CWE-399

A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper validation of packet data. An attacker could exploit this vulnerability by sending a crafted packet to an affected device on TCP port 4786. Only Smart Install client switches are affected. Cisco devices that are configured as a Smart Install director are not affected by this vulnerability. Cisco Bug IDs: CSCvd40673.

Published: 3/28/2018
Modified: 1/13/2026
Back to CVE Lookup

Vulnerability Summary

CVSS v3 Score

7.5HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v2 Score

7.8

AV:N/AC:L/Au:N/C:N/I:N/A:C

EPSS Score (Exploitation Probability)

15.53%LOW Exploitation Risk
95th percentile

This vulnerability has a 15.53% probability of being exploited in the next 30 days, ranking higher than 95% of all scored CVEs.

CWE Classification

CWE-399

Learn More

CVSS Calculator

View this score breakdown or calculate a custom score

Understanding CVSS Scoring

Learn how severity scores are calculated and what they mean

CVE Prioritization Guide

Best practices for deciding which vulnerabilities to address first

What is a CVE?

Essential guide to Common Vulnerabilities and Exposures

CVE vs CWE Explained

Understand how CVEs relate to underlying weakness types