OpenCVE

Format String vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. Cisco Bug IDs: CSCvd73664.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:A/AC:M/Au:N/C:C/I:C/A:C

This CVE is in the KEV database since March 3, 2022.

Exploitation active

Automatable no

Technical Impact total

Vendors	Products
Cisco	Ios Ios Xe Ios Xr
Rockwellautomation	Allen-bradley Armorstratix 5700 Allen-bradley Stratix 5400 Allen-bradley Stratix 5410 Allen-bradley Stratix 5700 Allen-bradley Stratix 5900 Services Router Allen-bradley Stratix 8000 Allen-bradley Stratix 8300 Industrial Managed Ethernet Switch

Configuration 1 [-]

cpe:2.3:o:cisco:ios:15.4\(3\)m4.1:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:cisco:ios_xe:15.4\(3\)m4.1:*:*:*:*:*:*:*

Configuration 3 [-]

cpe:2.3:o:cisco:ios_xr:15.4\(3\)m4.1:*:*:*:*:*:*:*

Configuration 4 [-]

AND

OR	cpe:2.3:o:cisco:ios::::::::
	cpe:2.3:o:cisco:ios_xe::::::::

cpe:2.3:h:rockwellautomation:allen-bradley_stratix_8300_industrial_managed_ethernet_switch:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

OR	cpe:2.3:o:cisco:ios::::::::
	cpe:2.3:o:cisco:ios_xe::::::::

OR	cpe:2.3:h:rockwellautomation:allen-bradley_armorstratix_5700:-:::::::*
	cpe:2.3:h:rockwellautomation:allen-bradley_stratix_5400:-:::::::*
	cpe:2.3:h:rockwellautomation:allen-bradley_stratix_5410:-:::::::*
	cpe:2.3:h:rockwellautomation:allen-bradley_stratix_5700:-:::::::*
	cpe:2.3:h:rockwellautomation:allen-bradley_stratix_8000:-:::::::*

Configuration 6 [-]

AND

OR	cpe:2.3:o:cisco:ios::::::::
	cpe:2.3:o:cisco:ios_xe::::::::

cpe:2.3:h:rockwellautomation:allen-bradley_stratix_5900_services_router:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/103564
http://www.securitytracker.com/id/1040586
https://ics-cert.us-cert.gov/advisories/ICSA-18-107-03
https://ics-cert.us-cert.gov/advisories/ICSA-18-107-04
https://ics-cert.us-cert.gov/advisories/ICSA-18-107-05
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-lldp

History

Wed, 13 Nov 2024 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		kev `{'dateAdded': '2022-03-03'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2018-03-28T22:00:00

Updated: 2024-11-13T18:23:18.790Z

Reserved: 2017-11-27T00:00:00

Link: CVE-2018-0175

Vulnrichment

Updated: 2024-08-05T03:14:17.061Z

NVD

Status : Analyzed

Published: 2018-03-28T22:29:01.280

Modified: 2024-07-24T14:10:41.667

Link: CVE-2018-0175

Redhat

No data.

Metrics

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Adjacent Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Exploitation active

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object