CVE-2018-0167 - Vulnerability Details

Multiple Buffer Overflow vulnerabilities in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. Cisco Bug IDs: CSCuo17183, CSCvd73487.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is in the KEV database since March 3, 2022.

Exploitation active

Automatable no

Technical Impact total

Vendors	Products
Cisco	Asr 9001 Asr 9006 Asr 9010 Asr 9904 Asr 9906 Asr 9910 Asr 9912 Asr 9922 Ios Ios Xe Ios Xr
Rockwellautomation	Allen-bradley Armorstratix 5700 Allen-bradley Stratix 5400 Allen-bradley Stratix 5410 Allen-bradley Stratix 5700 Allen-bradley Stratix 5900 Allen-bradley Stratix 8000 Allen-bradley Stratix 8300

Configuration 1 [-]

AND

OR	cpe:2.3:o:cisco:ios:5.2.0.base:::::::*
	cpe:2.3:o:cisco:ios_xe:5.2.0.base:::::::*
	cpe:2.3:o:cisco:ios_xr::::::::

OR	cpe:2.3:h:cisco:asr_9001:-:::::::*
	cpe:2.3:h:cisco:asr_9006:-:::::::*
	cpe:2.3:h:cisco:asr_9010:-:::::::*
	cpe:2.3:h:cisco:asr_9904:-:::::::*
	cpe:2.3:h:cisco:asr_9906:-:::::::*
	cpe:2.3:h:cisco:asr_9910:-:::::::*
	cpe:2.3:h:cisco:asr_9912:-:::::::*
	cpe:2.3:h:cisco:asr_9922:-:::::::*

Configuration 2 [-]

AND

OR	cpe:2.3:o:cisco:ios::::::::
	cpe:2.3:o:cisco:ios_xe::::::::

cpe:2.3:h:rockwellautomation:allen-bradley_stratix_5900:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

OR	cpe:2.3:o:cisco:ios::::::::
	cpe:2.3:o:cisco:ios_xe::::::::

OR	cpe:2.3:h:rockwellautomation:allen-bradley_armorstratix_5700:-:::::::*
	cpe:2.3:h:rockwellautomation:allen-bradley_stratix_5400:-:::::::*
	cpe:2.3:h:rockwellautomation:allen-bradley_stratix_5410:-:::::::*
	cpe:2.3:h:rockwellautomation:allen-bradley_stratix_5700:-:::::::*
	cpe:2.3:h:rockwellautomation:allen-bradley_stratix_8000:-:::::::*

Configuration 4 [-]

AND

OR	cpe:2.3:o:cisco:ios::::::::
	cpe:2.3:o:cisco:ios_xe::::::::

cpe:2.3:h:rockwellautomation:allen-bradley_stratix_8300:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/103564
http://www.securitytracker.com/id/1040586
https://ics-cert.us-cert.gov/advisories/ICSA-18-107-03
https://ics-cert.us-cert.gov/advisories/ICSA-18-107-04
https://ics-cert.us-cert.gov/advisories/ICSA-18-107-05
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-lldp

History

Wed, 13 Nov 2024 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		kev `{'dateAdded': '2022-03-03'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2018-03-28T22:00:00

Updated: 2024-11-13T18:24:23.697Z

Reserved: 2017-11-27T00:00:00

Link: CVE-2018-0167

Vulnrichment

Updated: 2024-08-05T03:14:16.810Z

NVD

Status : Analyzed

Published: 2018-03-28T22:29:00.907

Modified: 2025-01-27T19:58:42.990

Link: CVE-2018-0167

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Cisco IOS, IOS XE, and IOS XR", "vendor": "n/a", "versions": [{"status": "affected", "version": "Cisco IOS, IOS XE, and IOS XR"}]}], "datePublic": "2018-03-28T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple Buffer Overflow vulnerabilities in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. Cisco Bug IDs: CSCuo17183, CSCvd73487."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-119", "description": "CWE-119", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-04-19T14:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-lldp"}, {"tags": ["x_refsource_MISC"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-03"}, {"tags": ["x_refsource_MISC"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-04"}, {"name": "1040586", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1040586"}, {"tags": ["x_refsource_MISC"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-05"}, {"name": "103564", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/103564"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2018-0167", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cisco IOS, IOS XE, and IOS XR", "version": {"version_data": [{"version_value": "Cisco IOS, IOS XE, and IOS XR"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple Buffer Overflow vulnerabilities in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. Cisco Bug IDs: CSCuo17183, CSCvd73487."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-119"}]}]}, "references": {"reference_data": [{"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-lldp", "refsource": "CONFIRM", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-lldp"}, {"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-03", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-03"}, {"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-04", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-04"}, {"name": "1040586", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040586"}, {"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-05", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-05"}, {"name": "103564", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103564"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T03:14:16.810Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-lldp"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-03"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-04"}, {"name": "1040586", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1040586"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-05"}, {"name": "103564", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/103564"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-11-08T17:25:01.571442Z", "id": "CVE-2018-0167", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2022-03-03", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-0167"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-13T18:24:23.697Z"}}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2018-0167", "datePublished": "2018-03-28T22:00:00", "dateReserved": "2017-11-27T00:00:00", "dateUpdated": "2024-11-13T18:24:23.697Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-lldp", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-03", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-04", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "http://www.securitytracker.com/id/1040586", "name": "1040586", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"]}, {"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-05", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "http://www.securityfocus.com/bid/103564", "name": "103564", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T03:14:16.810Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2018-0167", "role": "CISA Coordinator", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-11-08T17:25:01.571442Z"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2022-03-03", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-0167"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-08T16:06:32.610Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "Cisco IOS, IOS XE, and IOS XR", "versions": [{"status": "affected", "version": "Cisco IOS, IOS XE, and IOS XR"}]}], "datePublic": "2018-03-28T00:00:00", "references": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-lldp", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-03", "tags": ["x_refsource_MISC"]}, {"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-04", "tags": ["x_refsource_MISC"]}, {"url": "http://www.securitytracker.com/id/1040586", "name": "1040586", "tags": ["vdb-entry", "x_refsource_SECTRACK"]}, {"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-05", "tags": ["x_refsource_MISC"]}, {"url": "http://www.securityfocus.com/bid/103564", "name": "103564", "tags": ["vdb-entry", "x_refsource_BID"]}], "descriptions": [{"lang": "en", "value": "Multiple Buffer Overflow vulnerabilities in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. Cisco Bug IDs: CSCuo17183, CSCvd73487."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-119", "description": "CWE-119"}]}], "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2018-04-19T14:57:01"}, "x_legacyV4Record": {"affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "Cisco IOS, IOS XE, and IOS XR"}]}, "product_name": "Cisco IOS, IOS XE, and IOS XR"}]}, "vendor_name": "n/a"}]}}, "data_type": "CVE", "references": {"reference_data": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-lldp", "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-lldp", "refsource": "CONFIRM"}, {"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-03", "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-03", "refsource": "MISC"}, {"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-04", "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-04", "refsource": "MISC"}, {"url": "http://www.securitytracker.com/id/1040586", "name": "1040586", "refsource": "SECTRACK"}, {"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-05", "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-05", "refsource": "MISC"}, {"url": "http://www.securityfocus.com/bid/103564", "name": "103564", "refsource": "BID"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "Multiple Buffer Overflow vulnerabilities in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. Cisco Bug IDs: CSCuo17183, CSCvd73487."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-119"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2018-0167", "STATE": "PUBLIC", "ASSIGNER": "psirt@cisco.com"}}}}, "cveMetadata": {"cveId": "CVE-2018-0167", "state": "PUBLISHED", "dateUpdated": "2024-11-13T18:24:23.697Z", "dateReserved": "2017-11-27T00:00:00", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "datePublished": "2018-03-28T22:00:00", "assignerShortName": "cisco"}, "dataVersion": "5.1"}

{"cisaActionDue": "2022-03-17", "cisaExploitAdd": "2022-03-03", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "Cisco IOS, XR, and XE Software Buffer Overflow Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ios:5.2.0.base:*:*:*:*:*:*:*", "matchCriteriaId": "5F1A8DE5-8DBB-4A09-A9F2-8B5AF5E46896", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:5.2.0.base:*:*:*:*:*:*:*", "matchCriteriaId": "95ECCCEC-FA36-481E-B714-3DA57AE89C5B", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*", "matchCriteriaId": "C2213E83-7143-4ABF-9EFD-EB0928996464", "versionEndExcluding": "5.1.3", "versionStartIncluding": "4.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:asr_9001:-:*:*:*:*:*:*:*", "matchCriteriaId": "324C97E6-1810-404F-9F45-6240F99FF039", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:asr_9006:-:*:*:*:*:*:*:*", "matchCriteriaId": "57EB55BB-41B7-40A1-B6F5-142FE8AB4C16", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:asr_9010:-:*:*:*:*:*:*:*", "matchCriteriaId": "433F4A82-04A4-4EAA-8C19-F7581DCD8D29", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:asr_9904:-:*:*:*:*:*:*:*", "matchCriteriaId": "A93212A4-50AB-42E7-89A4-5FBBAEA050C3", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:asr_9906:-:*:*:*:*:*:*:*", "matchCriteriaId": "EDA53A61-98B3-458C-8893-61CD7D6B1E48", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:asr_9910:-:*:*:*:*:*:*:*", "matchCriteriaId": "F396564E-B477-4A27-A189-CEB737552E25", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:asr_9912:-:*:*:*:*:*:*:*", "matchCriteriaId": "5445CC54-ACFB-4070-AF26-F91FEAA85181", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:asr_9922:-:*:*:*:*:*:*:*", "matchCriteriaId": "D7AA58E5-D7E1-48CF-93FF-C60EB85B2BC7", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:*", "matchCriteriaId": "65FB1D01-2A6F-496E-AD56-BBE03DEB9493", "versionEndIncluding": "15.6.3m1", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*", "matchCriteriaId": "E51621B6-010D-4D9F-9A9D-C354D8BB8135", "versionEndIncluding": "15.6.3m1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:rockwellautomation:allen-bradley_stratix_5900:-:*:*:*:*:*:*:*", "matchCriteriaId": "1609D07F-FF2D-49D8-8672-9C512A69479D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:*", "matchCriteriaId": "AEE6CC29-29A9-4465-B0EA-1ECC435EBC55", "versionEndIncluding": "15.2\\(6\\)e0a", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*", "matchCriteriaId": "DBBC562A-BC2C-4F64-B5D4-47C33BBEE3C7", "versionEndIncluding": "15.2\\(6\\)e0a", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:rockwellautomation:allen-bradley_armorstratix_5700:-:*:*:*:*:*:*:*", "matchCriteriaId": "D8849345-E011-4160-A91C-DB760497AF9A", "vulnerable": false}, {"criteria": "cpe:2.3:h:rockwellautomation:allen-bradley_stratix_5400:-:*:*:*:*:*:*:*", "matchCriteriaId": "DE92939D-3D1E-445C-8888-F3EB4E35A034", "vulnerable": false}, {"criteria": "cpe:2.3:h:rockwellautomation:allen-bradley_stratix_5410:-:*:*:*:*:*:*:*", "matchCriteriaId": "0B148D62-D1B2-4E40-9DDD-A8702DFAD2E4", "vulnerable": false}, {"criteria": "cpe:2.3:h:rockwellautomation:allen-bradley_stratix_5700:-:*:*:*:*:*:*:*", "matchCriteriaId": "8994DEA7-C4EC-47B9-8AEA-832AF9D1F8E4", "vulnerable": false}, {"criteria": "cpe:2.3:h:rockwellautomation:allen-bradley_stratix_8000:-:*:*:*:*:*:*:*", "matchCriteriaId": "F9A02987-E6F4-41D2-92C5-016A22AC7D0A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:*", "matchCriteriaId": "C7690EC4-F375-4D0A-8EED-26E01ECFDE55", "versionEndIncluding": "15.2\\(4a\\)ea5", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*", "matchCriteriaId": "C90778E3-4A55-498F-9CD6-80F8029AA722", "versionEndIncluding": "15.2\\(4a\\)ea5", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:rockwellautomation:allen-bradley_stratix_8300:-:*:*:*:*:*:*:*", "matchCriteriaId": "3A97B3B5-6606-46F5-BCD8-141FDD6F6729", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple Buffer Overflow vulnerabilities in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. Cisco Bug IDs: CSCuo17183, CSCvd73487."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de desbordamiento de b\u00fafer en el subsistema LLDP (Link Layer Discovery Protocol) de Cisco IOS Software, Cisco IOS XE Software y Cisco IOS XR Software podr\u00edan permitir que un atacante adyacente sin autenticar provoque una condici\u00f3n de denegaci\u00f3n de servicio (DoS) o que ejecute c\u00f3digo arbitrario con privilegios elevados en un dispositivo afectado. Cisco Bug IDs: CSCuo17183, CSCvd73487."}], "id": "CVE-2018-0167", "lastModified": "2025-01-27T19:58:42.990", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 8.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-03-28T22:29:00.907", "references": [{"source": "psirt@cisco.com", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/103564"}, {"source": "psirt@cisco.com", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1040586"}, {"source": "psirt@cisco.com", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-03"}, {"source": "psirt@cisco.com", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-04"}, {"source": "psirt@cisco.com", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-05"}, {"source": "psirt@cisco.com", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-lldp"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/103564"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1040586"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-03"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-04"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-05"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-lldp"}], "sourceIdentifier": "psirt@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "psirt@cisco.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

Metrics

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Exploitation active

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object