CVE-2018-15374

Name: CVE-2018-15374
Creator: NVD / NIST
Published: 2018-10-05T14:29:06.543+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 0.24%

Last modified Jun 17, 2026

CVE-2018-15374 is a vulnerability of currently unknown severity. A vulnerability in the Image Verification feature of Cisco IOS XE Software could allow an authenticated, local attacker to install a malicious software image or file on an affected device. The vulnerability is due to the affected software improperly verifying digital signatures for software images and files that are uploaded to a device. EPSS estimates a 0.24% chance of exploitation in the next 30 days.

Description

A vulnerability in the Image Verification feature of Cisco IOS XE Software could allow an authenticated, local attacker to install a malicious software image or file on an affected device. The vulnerability is due to the affected software improperly verifying digital signatures for software images and files that are uploaded to a device. An attacker could exploit this vulnerability by uploading a malicious software image or file to an affected device. A successful exploit could allow the attacker to bypass digital signature verification checks for software images and files and install a malicious software image or file on the affected device.

Metrics

EPSS Probability

0.24%

14.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Cisco	Ios Xe	16.6.1

References

http://www.securityfocus.com/bid/105415Third Party Advisory, VDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-digsigVendor Advisory
http://www.securityfocus.com/bid/105415Third Party Advisory, VDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-digsigVendor Advisory

Timeline

Published: Oct 5, 2018
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2018-15374?

How severe is CVE-2018-15374?

Severity scoring for CVE-2018-15374 is pending analysis. The EPSS model estimates a 0.24% probability of exploitation in the next 30 days.

How do I fix CVE-2018-15374?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2018-15374?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST