Symptom
This product includes Third-party Software that is affected by the
vulnerabilities identified by the following Common Vulnerability and
Exposures (CVE) IDs:
CVE-2018-20031 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20031
CVE-2018-20032 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20032
CVE-2018-20033 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20033
CVE-2018-20034 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20034
The affected third-party software component has been upgraded to a version that includes fixes for the vulnerability. Future versions of the product(s) will not be affected by this vulnerability.
Conditions
Device with default configuration.
Workaround
Not available or not applicable.
Further Problem Description
Additional details about the vulnerabilities listed above can be found
at https://www.cve.org/.
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 3.0 score.
The Base CVSS score as of the time of evaluation is: 9.8
https://tools.cisco.com/security/center/cvssCalculator.x?version=3.0&vector=CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
CVE ID CVE-2018-20031, CVE-2018-20032, CVE-2018-20033, CVE-2018-20034 have been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be
found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
