{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-15T11:36:06.117","vulnerabilities":[{"cve":{"id":"CVE-2018-15374","sourceIdentifier":"psirt@cisco.com","published":"2018-10-05T14:29:06.543","lastModified":"2024-11-21T03:50:39.100","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in the Image Verification feature of Cisco IOS XE Software could allow an authenticated, local attacker to install a malicious software image or file on an affected device. The vulnerability is due to the affected software improperly verifying digital signatures for software images and files that are uploaded to a device. An attacker could exploit this vulnerability by uploading a malicious software image or file to an affected device. A successful exploit could allow the attacker to bypass digital signature verification checks for software images and files and install a malicious software image or file on the affected device."},{"lang":"es","value":"Una vulnerabilidad en la funcionalidad de verificación de imágenes de Cisco IOS XE Software podría permitir que un atacante local autenticado instale una imagen o archivo de software malicioso en un dispositivo afectado. La vulnerabilidad se debe a que el software afectado verifica incorrectamente las firmas digitales para imágenes y archivos de software que se suben a un dispositivo. Un atacante podría explotar esta vulnerabilidad subiendo una imagen o archivo de software malicioso a un dispositivo afectado. Su explotación con éxito podría permitir que el atacante omita las comprobaciones de validación de firmas digitales para imágenes y archivos de software e instale una imagen o archivo de software malicioso en el dispositivo afectado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0\/AV:L\/AC:L\/PR:H\/UI:N\/S:U\/C:H\/I:H\/A:H","baseScore":6.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L\/AC:L\/Au:N\/C:C\/I:C\/A:C","baseScore":7.2,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":3.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"psirt@cisco.com","type":"Secondary","description":[{"lang":"en","value":"CWE-347"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-347"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:ios_xe:16.6.1:*:*:*:*:*:*:*","matchCriteriaId":"F821EBD7-91E2-4460-BFAF-18482CF6CB8C"}]}]}],"references":[{"url":"http:\/\/www.securityfocus.com\/bid\/105415","source":"psirt@cisco.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https:\/\/tools.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-20180926-digsig","source":"psirt@cisco.com","tags":["Vendor Advisory"]},{"url":"http:\/\/www.securityfocus.com\/bid\/105415","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https:\/\/tools.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-20180926-digsig","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}