CVE-2018-0167

Warning

EPSS 1.84%
Published 28.03.2018 22:29:00
Last modified 27.01.2025 19:58:42
Source psirt@cisco.com
Teams watchlist Login
Open Login

Multiple Buffer Overflow vulnerabilities in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. Cisco Bug IDs: CSCuo17183, CSCvd73487.

Affected products Warnungen 1 Metrics 3 CWE 1 References 9

Data is provided by the National Vulnerability Database (NVD)

Cisco ≫ Ios Version5.2.0.base

   Cisco ≫ Asr 9001 Version-
   Cisco ≫ Asr 9006 Version-
   Cisco ≫ Asr 9010 Version-
   Cisco ≫ Asr 9904 Version-
   Cisco ≫ Asr 9906 Version-
   Cisco ≫ Asr 9910 Version-
   Cisco ≫ Asr 9912 Version-
   Cisco ≫ Asr 9922 Version-

Cisco ≫ Ios Xe Version5.2.0.base

Cisco ≫ Ios Xr Version >= 4.1 < 5.1.3

Cisco ≫ Ios Version <= 15.6.3m1

Rockwellautomation ≫ Allen-bradley Stratix 5900 Version-

Cisco ≫ Ios Xe Version <= 15.6.3m1

Rockwellautomation ≫ Allen-bradley Stratix 5900 Version-

Cisco ≫ Ios Version <= 15.2\(6\)e0a

   Rockwellautomation ≫ Allen-bradley Armorstratix 5700 Version-
   Rockwellautomation ≫ Allen-bradley Stratix 5400 Version-
   Rockwellautomation ≫ Allen-bradley Stratix 5410 Version-
   Rockwellautomation ≫ Allen-bradley Stratix 5700 Version-
   Rockwellautomation ≫ Allen-bradley Stratix 8000 Version-

Cisco ≫ Ios Xe Version <= 15.2\(6\)e0a

Cisco ≫ Ios Version <= 15.2\(4a\)ea5

Rockwellautomation ≫ Allen-bradley Stratix 8300 Version-

Cisco ≫ Ios Xe Version <= 15.2\(4a\)ea5

Rockwellautomation ≫ Allen-bradley Stratix 8300 Version-

03.03.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Cisco IOS, XR, and XE Software Buffer Overflow Vulnerability

Vulnerability

There is a buffer overflow vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software which could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition or execute arbitrary code.

Description

Apply updates per vendor instructions.

Required actions

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.84%	0.823

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	8.3	6.5	10	AV:A/AC:L/Au:N/C:C/I:C/A:C

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

https://ics-cert.us-cert.gov/advisories/ICSA-18-107-03

Third Party Advisory

US Government Resource

https://ics-cert.us-cert.gov/advisories/ICSA-18-107-05

Third Party Advisory

US Government Resource

https://ics-cert.us-cert.gov/advisories/ICSA-18-107-04

Third Party Advisory

US Government Resource

http://www.securityfocus.com/bid/103564

Third Party Advisory

Broken Link