CVE-2018-0167

EUVD-2018-0990
Multiple Buffer Overflow vulnerabilities in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. Cisco Bug IDs: CSCuo17183, CSCvd73487.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
ADJACENT_NETWORK
LOW
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA-ADPADP
8.8 HIGH
ADJACENT_NETWORK
LOW
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 75%
Affected Products (NVD)
VendorProductVersion
ciscoios
5.2.0.base:base
ciscoios_xe
5.2.0.base:base
ciscoios_xr
4.1 ≤
𝑥
< 5.1.3
ciscoios
𝑥
≤ 15.6.3m1
ciscoios_xe
𝑥
≤ 15.6.3m1
ciscoios
𝑥
≤ 15.2\(6\)e0a
ciscoios_xe
𝑥
≤ 15.2\(6\)e0a
ciscoios
𝑥
≤ 15.2\(4a\)ea5
ciscoios_xe
𝑥
≤ 15.2\(4a\)ea5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/103564
http://www.securitytracker.com/id/1040586
https://ics-cert.us-cert.gov/advisories/ICSA-18-107-03
https://ics-cert.us-cert.gov/advisories/ICSA-18-107-04
https://ics-cert.us-cert.gov/advisories/ICSA-18-107-05
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-lldp
http://www.securityfocus.com/bid/103564
http://www.securitytracker.com/id/1040586
https://ics-cert.us-cert.gov/advisories/ICSA-18-107-03
https://ics-cert.us-cert.gov/advisories/ICSA-18-107-04
https://ics-cert.us-cert.gov/advisories/ICSA-18-107-05
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-lldp
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-0167