OpenCVE

Multiple Buffer Overflow vulnerabilities in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. Cisco Bug IDs: CSCuo17183, CSCvd73487.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:A/AC:L/Au:N/C:C/I:C/A:C

This CVE is in the KEV database since March 3, 2022.

Exploitation active

Automatable no

Technical Impact total

Vendors	Products
Cisco	Asr 9001 Asr 9006 Asr 9010 Asr 9904 Asr 9906 Asr 9910 Asr 9912 Asr 9922 Ios Ios Xe Ios Xr
Rockwellautomation	Allen-bradley Armorstratix 5700 Allen-bradley Stratix 5400 Allen-bradley Stratix 5410 Allen-bradley Stratix 5700 Allen-bradley Stratix 5900 Allen-bradley Stratix 8000 Allen-bradley Stratix 8300

Configuration 1 [-]

AND

OR	cpe:2.3:o:cisco:ios:5.2.0.base:::::::*
	cpe:2.3:o:cisco:ios_xe:5.2.0.base:::::::*
	cpe:2.3:o:cisco:ios_xr::::::::

OR	cpe:2.3:h:cisco:asr_9001:-:::::::*
	cpe:2.3:h:cisco:asr_9006:-:::::::*
	cpe:2.3:h:cisco:asr_9010:-:::::::*
	cpe:2.3:h:cisco:asr_9904:-:::::::*
	cpe:2.3:h:cisco:asr_9906:-:::::::*
	cpe:2.3:h:cisco:asr_9910:-:::::::*
	cpe:2.3:h:cisco:asr_9912:-:::::::*
	cpe:2.3:h:cisco:asr_9922:-:::::::*

Configuration 2 [-]

AND

OR	cpe:2.3:o:cisco:ios::::::::
	cpe:2.3:o:cisco:ios_xe::::::::

cpe:2.3:h:rockwellautomation:allen-bradley_stratix_5900:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

OR	cpe:2.3:o:cisco:ios::::::::
	cpe:2.3:o:cisco:ios_xe::::::::

OR	cpe:2.3:h:rockwellautomation:allen-bradley_armorstratix_5700:-:::::::*
	cpe:2.3:h:rockwellautomation:allen-bradley_stratix_5400:-:::::::*
	cpe:2.3:h:rockwellautomation:allen-bradley_stratix_5410:-:::::::*
	cpe:2.3:h:rockwellautomation:allen-bradley_stratix_5700:-:::::::*
	cpe:2.3:h:rockwellautomation:allen-bradley_stratix_8000:-:::::::*

Configuration 4 [-]

AND

OR	cpe:2.3:o:cisco:ios::::::::
	cpe:2.3:o:cisco:ios_xe::::::::

cpe:2.3:h:rockwellautomation:allen-bradley_stratix_8300:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/103564
http://www.securitytracker.com/id/1040586
https://ics-cert.us-cert.gov/advisories/ICSA-18-107-03
https://ics-cert.us-cert.gov/advisories/ICSA-18-107-04
https://ics-cert.us-cert.gov/advisories/ICSA-18-107-05
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-lldp

History

Wed, 13 Nov 2024 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		kev `{'dateAdded': '2022-03-03'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2018-03-28T22:00:00

Updated: 2024-11-13T18:24:23.697Z

Reserved: 2017-11-27T00:00:00

Link: CVE-2018-0167

Vulnrichment

Updated: 2024-08-05T03:14:16.810Z

NVD

Status : Analyzed

Published: 2018-03-28T22:29:00.907

Modified: 2024-07-24T14:22:37.590

Link: CVE-2018-0167

Redhat

No data.

Metrics

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Exploitation active

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object