← Back

CVE-2018-0175

nvd nist
Published: Mar 28, 2018Modified: Jan 14, 2026CISA KEV

JSON object

Loading...
8.0
Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.1 / Impact: 5.9
Source: NVD

Description

Format String vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. Cisco Bug IDs: CSCvd73664.

Affected (9)

Products: Cisco: Ios, Ios Xe, Ios Xr
Cisco
3 products
Ios
Ios Xe
Ios Xr
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Ios
Version 15.4(3)m4.1
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Ios Xe
Version 15.4(3)m4.1
Configuration C
1 vulnerable
Vulnerable SoftwareAffected Versions
Ios Xr
Version 15.4(3)m4.1
Configuration D
2 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ios
Up to 15.2\(4a\)ea5
Ios Xe
Up to 15.2\(4a\)ea5
Running on/withPlatform Versions
Rockwellautomation
Allen Bradley Stratix 8300 Industrial Managed Ethernet Switch
All versions
Configuration E
2 vulnerable · 5 platform
Vulnerable SoftwareAffected Versions
Ios
Up to 15.2\(6\)e0a
Ios Xe
Up to 15.2\(6\)e0a
Running on/withPlatform Versions
Rockwellautomation
Allen Bradley Armorstratix 5700
All versions
Rockwellautomation
Allen Bradley Stratix 5400
All versions
Rockwellautomation
Allen Bradley Stratix 5410
All versions
Rockwellautomation
Allen Bradley Stratix 5700
All versions
Rockwellautomation
Allen Bradley Stratix 8000
All versions
Configuration F
2 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ios
Up to 15.6.3m1
Ios Xe
Up to 15.6.3m1
Running on/withPlatform Versions
Rockwellautomation
Allen Bradley Stratix 5900 Services Router
All versions

Related CWEs

CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-134
Use of Externally-Controlled Format String
The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

References (13)

Source: psirt@cisco.com
Broken LinkThird Party AdvisoryVDB Entry
Source: psirt@cisco.com
Broken LinkThird Party AdvisoryVDB Entry
Source: psirt@cisco.com
Third Party AdvisoryUS Government Resource
Source: psirt@cisco.com
Third Party AdvisoryUS Government Resource
Source: psirt@cisco.com
Third Party AdvisoryUS Government Resource
Source: psirt@cisco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryUS Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryUS Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryUS Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
US Government Resource

Timeline

No history available yet.