8.8
CVE-2018-0395
- EPSS 0.33%
- Veröffentlicht 17.10.2018 19:29:00
- Zuletzt bearbeitet 21.11.2024 03:38:08
- Quelle psirt@cisco.com
- Teams Watchlist Login
- Unerledigt Login
A vulnerability in the Link Layer Discovery Protocol (LLDP) implementation for Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition when the device unexpectedly reloads. The vulnerability is due to improper input validation of certain type, length, value (TLV) fields of the LLDP frame header. An attacker could exploit this vulnerability by sending a crafted LLDP packet to an interface on the targeted device. A successful exploit could allow the attacker to cause the switch to reload unexpectedly.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Cisco ≫ Nx-os Version6.0(4)
Cisco ≫ Nexus 7000 10-slot Version-
Cisco ≫ Nexus 7000 18-slot Version-
Cisco ≫ Nexus 7000 4-slot Version-
Cisco ≫ Nexus 7000 9-slot Version-
Cisco ≫ Nexus 7700 10-slot Version-
Cisco ≫ Nexus 7700 18-slot Version-
Cisco ≫ Nexus 7700 2-slot Version-
Cisco ≫ Nexus 7700 6-slot Version-
Cisco ≫ Nexus 7000 18-slot Version-
Cisco ≫ Nexus 7000 4-slot Version-
Cisco ≫ Nexus 7000 9-slot Version-
Cisco ≫ Nexus 7700 10-slot Version-
Cisco ≫ Nexus 7700 18-slot Version-
Cisco ≫ Nexus 7700 2-slot Version-
Cisco ≫ Nexus 7700 6-slot Version-
Cisco ≫ Nx-os Version6.1(3)s2
Cisco ≫ Nexus 7000 10-slot Version-
Cisco ≫ Nexus 7000 18-slot Version-
Cisco ≫ Nexus 7000 4-slot Version-
Cisco ≫ Nexus 7000 9-slot Version-
Cisco ≫ Nexus 7700 10-slot Version-
Cisco ≫ Nexus 7700 18-slot Version-
Cisco ≫ Nexus 7700 2-slot Version-
Cisco ≫ Nexus 7700 6-slot Version-
Cisco ≫ Nexus 7000 18-slot Version-
Cisco ≫ Nexus 7000 4-slot Version-
Cisco ≫ Nexus 7000 9-slot Version-
Cisco ≫ Nexus 7700 10-slot Version-
Cisco ≫ Nexus 7700 18-slot Version-
Cisco ≫ Nexus 7700 2-slot Version-
Cisco ≫ Nexus 7700 6-slot Version-
Cisco ≫ Firepower Extensible Operating System Versionr231
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.33% | 0.552 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 1.6 | 3.6 |
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 2.9 | 5.5 | 2.9 |
AV:A/AC:M/Au:N/C:N/I:N/A:P
|
| psirt@cisco.com | 8.8 | 2.8 | 5.9 |
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.