← Back

CVE-2018-0167

nvd nist
Published: Mar 28, 2018Modified: Jan 14, 2026CISA KEV

JSON object

Loading...
8.8
Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

Multiple Buffer Overflow vulnerabilities in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. Cisco Bug IDs: CSCuo17183, CSCvd73487.

Affected (9)

Products: Cisco: Ios, Ios Xe, Ios Xr
Cisco
3 products
Ios
Ios Xe
Ios Xr
Configuration A
3 vulnerable · 8 platform
Vulnerable SoftwareAffected Versions
Ios
Version 5.2.0.base
Ios Xe
Version 5.2.0.base
Ios Xr
From 4.1 to 5.1.3
Running on/withPlatform Versions
Cisco
Asr 9001
All versions
Cisco
Asr 9006
All versions
Cisco
Asr 9010
All versions
Cisco
Asr 9904
All versions
Cisco
Asr 9906
All versions
Cisco
Asr 9910
All versions
Cisco
Asr 9912
All versions
Cisco
Asr 9922
All versions
Configuration B
2 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ios
Up to 15.6.3m1
Ios Xe
Up to 15.6.3m1
Running on/withPlatform Versions
Rockwellautomation
Allen Bradley Stratix 5900
All versions
Configuration C
2 vulnerable · 5 platform
Vulnerable SoftwareAffected Versions
Ios
Up to 15.2\(6\)e0a
Ios Xe
Up to 15.2\(6\)e0a
Running on/withPlatform Versions
Rockwellautomation
Allen Bradley Armorstratix 5700
All versions
Rockwellautomation
Allen Bradley Stratix 5400
All versions
Rockwellautomation
Allen Bradley Stratix 5410
All versions
Rockwellautomation
Allen Bradley Stratix 5700
All versions
Rockwellautomation
Allen Bradley Stratix 8000
All versions
Configuration D
2 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ios
Up to 15.2\(4a\)ea5
Ios Xe
Up to 15.2\(4a\)ea5
Running on/withPlatform Versions
Rockwellautomation
Allen Bradley Stratix 8300
All versions

Related CWEs

CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (13)

Source: psirt@cisco.com
Broken LinkThird Party AdvisoryVDB Entry
Source: psirt@cisco.com
Broken LinkThird Party AdvisoryVDB Entry
Source: psirt@cisco.com
Third Party AdvisoryUS Government Resource
Source: psirt@cisco.com
Third Party AdvisoryUS Government Resource
Source: psirt@cisco.com
Third Party AdvisoryUS Government Resource
Source: psirt@cisco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryUS Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryUS Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryUS Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
US Government Resource

Timeline

No history available yet.