CVE-2018-0167

Multiple Buffer Overflow vulnerabilities in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. Cisco Bug IDs: CSCuo17183, CSCvd73487.

CVSS v3.0 8.8 HIGH
CVSS v2.0 8.3 HIGH

8.8^/10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

8.3^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:A/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 6.5 / Impact : 10.0

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.securityfocus.com/bid/103564	Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/103564	Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1040586	Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1040586	Broken Link Third Party Advisory VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-18-107-03	Third Party Advisory US Government Resource
https://ics-cert.us-cert.gov/advisories/ICSA-18-107-03	Third Party Advisory US Government Resource
https://ics-cert.us-cert.gov/advisories/ICSA-18-107-04	Third Party Advisory US Government Resource
https://ics-cert.us-cert.gov/advisories/ICSA-18-107-04	Third Party Advisory US Government Resource
https://ics-cert.us-cert.gov/advisories/ICSA-18-107-05	Third Party Advisory US Government Resource
https://ics-cert.us-cert.gov/advisories/ICSA-18-107-05	Third Party Advisory US Government Resource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-lldp	Vendor Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-lldp	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:cisco:ios:5.2.0.base:::::::*
	cpe:2.3:o:cisco:ios_xe:5.2.0.base:::::::*
	cpe:2.3:o:cisco:ios_xr::::::::

OR	cpe:2.3:h:cisco:asr_9001:-:::::::*
	cpe:2.3:h:cisco:asr_9006:-:::::::*
	cpe:2.3:h:cisco:asr_9010:-:::::::*
	cpe:2.3:h:cisco:asr_9904:-:::::::*
	cpe:2.3:h:cisco:asr_9906:-:::::::*
	cpe:2.3:h:cisco:asr_9910:-:::::::*
	cpe:2.3:h:cisco:asr_9912:-:::::::*
	cpe:2.3:h:cisco:asr_9922:-:::::::*

Configuration 2 (hide)

AND

OR	cpe:2.3:o:cisco:ios::::::::
	cpe:2.3:o:cisco:ios_xe::::::::

cpe:2.3:h:rockwellautomation:allen-bradley_stratix_5900:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

OR	cpe:2.3:o:cisco:ios::::::::
	cpe:2.3:o:cisco:ios_xe::::::::

OR	cpe:2.3:h:rockwellautomation:allen-bradley_armorstratix_5700:-:::::::*
	cpe:2.3:h:rockwellautomation:allen-bradley_stratix_5400:-:::::::*
	cpe:2.3:h:rockwellautomation:allen-bradley_stratix_5410:-:::::::*
	cpe:2.3:h:rockwellautomation:allen-bradley_stratix_5700:-:::::::*
	cpe:2.3:h:rockwellautomation:allen-bradley_stratix_8000:-:::::::*

Configuration 4 (hide)

AND

OR	cpe:2.3:o:cisco:ios::::::::
	cpe:2.3:o:cisco:ios_xe::::::::

cpe:2.3:h:rockwellautomation:allen-bradley_stratix_8300:-:*:*:*:*:*:*:*

History

27 Jan 2025, 19:58

Type	Values Removed	Values Added
References	~~(CONFIRM) https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-lldp - Vendor Advisory~~	() https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-lldp - Vendor Advisory
References	~~(MISC) https://ics-cert.us-cert.gov/advisories/ICSA-18-107-04 - Third Party Advisory, US Government Resource~~	() https://ics-cert.us-cert.gov/advisories/ICSA-18-107-04 - Third Party Advisory, US Government Resource
References	~~(MISC) https://ics-cert.us-cert.gov/advisories/ICSA-18-107-05 - Third Party Advisory, US Government Resource~~	() https://ics-cert.us-cert.gov/advisories/ICSA-18-107-05 - Third Party Advisory, US Government Resource
References	~~(SECTRACK) http://www.securitytracker.com/id/1040586 - Broken Link, Third Party Advisory, VDB Entry~~	() http://www.securitytracker.com/id/1040586 - Broken Link, Third Party Advisory, VDB Entry
References	~~(BID) http://www.securityfocus.com/bid/103564 - Broken Link, Third Party Advisory, VDB Entry~~	() http://www.securityfocus.com/bid/103564 - Broken Link, Third Party Advisory, VDB Entry
References	~~(MISC) https://ics-cert.us-cert.gov/advisories/ICSA-18-107-03 - Third Party Advisory, US Government Resource~~	() https://ics-cert.us-cert.gov/advisories/ICSA-18-107-03 - Third Party Advisory, US Government Resource

24 Jul 2024, 14:22

Type	Values Removed	Values Added
CPE	cpe:2.3:o:cisco:ios_xr:5.2.0.base:::::::*	cpe:2.3:o:cisco:ios_xe:::::::: cpe:2.3:o:cisco:ios_xr:::::::: cpe:2.3:o:cisco:ios::::::::
References	~~(SECTRACK) http://www.securitytracker.com/id/1040586 - Third Party Advisory, VDB Entry~~	(SECTRACK) http://www.securitytracker.com/id/1040586 - Broken Link, Third Party Advisory, VDB Entry
References	~~(BID) http://www.securityfocus.com/bid/103564 - Third Party Advisory, VDB Entry~~	(BID) http://www.securityfocus.com/bid/103564 - Broken Link, Third Party Advisory, VDB Entry

Information

Published : 2018-03-28 22:29

Updated : 2025-01-27 19:58

NVD link : CVE-2018-0167

Mitre link : CVE-2018-0167

JSON object : View

Products Affected

cisco

asr_9906
asr_9001
asr_9010
asr_9912
asr_9904
ios
asr_9910
ios_xr
ios_xe
asr_9006
asr_9922

rockwellautomation

allen-bradley_stratix_5400
allen-bradley_stratix_8300
allen-bradley_armorstratix_5700
allen-bradley_stratix_5900
allen-bradley_stratix_5700
allen-bradley_stratix_8000
allen-bradley_stratix_5410

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

8.8 /10