TTCSIRT-168.092818: TT-CSIRT Advisory – Cisco Security Updates
Cisco has released a security update stating that an in the web user interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload.
The vulnerability is due to a double-free-in-memory handling by the affected software when specific HTTP requests are processed.
An attacker could exploit this by sending specific HTTP requests to the web user interface of the affected software.
| Further information on this vulnerability and how it can be mitigated can be found on the Cisco Website at https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-webuidos |