Overview

CVE-2018-11750 - Cisco IOS Module host validation issue

  • Posted October 2, 2018

  • Assessed Risk Level: Medium

  • CVSS 3 Base Score: 5.1

Previous releases of the Puppet cisco_ios module did not validate a host’s identity before starting a SSH connection. As of the 0.4.0 release of cisco_ios, host key checking is enabled by default.

Status:

Affected software versions:

  • cisco_ios prior to 0.4.0

Resolved in:

  • cisco_ios 0.4.0