CVE-2018-0167
Cisco IOS, XR, and XE Software Buffer Overflow Vulnerability
Severity Score
8.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
Yes
*KEV
Decision
-
*SSVC
Descriptions
Multiple Buffer Overflow vulnerabilities in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. Cisco Bug IDs: CSCuo17183, CSCvd73487.
Múltiples vulnerabilidades de desbordamiento de búfer en el subsistema LLDP (Link Layer Discovery Protocol) de Cisco IOS Software, Cisco IOS XE Software y Cisco IOS XR Software podrían permitir que un atacante adyacente sin autenticar provoque una condición de denegación de servicio (DoS) o que ejecute código arbitrario con privilegios elevados en un dispositivo afectado. Cisco Bug IDs: CSCuo17183, CSCvd73487.
There is a buffer overflow vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software which could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition or execute arbitrary code.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2017-11-27 CVE Reserved
- 2018-03-28 CVE Published
- 2022-03-03 Exploited in Wild
- 2022-03-17 KEV Due Date
- 2024-07-25 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/103564 | Broken Link | |
| http://www.securitytracker.com/id/1040586 | Broken Link | |
| https://ics-cert.us-cert.gov/advisories/ICSA-18-107-03 | Third Party Advisory | |
| https://ics-cert.us-cert.gov/advisories/ICSA-18-107-04 | Third Party Advisory | |
| https://ics-cert.us-cert.gov/advisories/ICSA-18-107-05 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-lldp | 2024-07-24 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 5.2.0.base Search vendor "Cisco" for product "Ios" and version "5.2.0.base" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asr 9001 Search vendor "Cisco" for product "Asr 9001" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 5.2.0.base Search vendor "Cisco" for product "Ios" and version "5.2.0.base" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asr 9006 Search vendor "Cisco" for product "Asr 9006" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 5.2.0.base Search vendor "Cisco" for product "Ios" and version "5.2.0.base" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asr 9010 Search vendor "Cisco" for product "Asr 9010" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 5.2.0.base Search vendor "Cisco" for product "Ios" and version "5.2.0.base" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asr 9904 Search vendor "Cisco" for product "Asr 9904" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 5.2.0.base Search vendor "Cisco" for product "Ios" and version "5.2.0.base" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asr 9906 Search vendor "Cisco" for product "Asr 9906" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 5.2.0.base Search vendor "Cisco" for product "Ios" and version "5.2.0.base" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asr 9910 Search vendor "Cisco" for product "Asr 9910" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 5.2.0.base Search vendor "Cisco" for product "Ios" and version "5.2.0.base" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asr 9912 Search vendor "Cisco" for product "Asr 9912" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 5.2.0.base Search vendor "Cisco" for product "Ios" and version "5.2.0.base" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asr 9922 Search vendor "Cisco" for product "Asr 9922" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 5.2.0.base Search vendor "Cisco" for product "Ios Xe" and version "5.2.0.base" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asr 9001 Search vendor "Cisco" for product "Asr 9001" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 5.2.0.base Search vendor "Cisco" for product "Ios Xe" and version "5.2.0.base" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asr 9006 Search vendor "Cisco" for product "Asr 9006" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 5.2.0.base Search vendor "Cisco" for product "Ios Xe" and version "5.2.0.base" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asr 9010 Search vendor "Cisco" for product "Asr 9010" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 5.2.0.base Search vendor "Cisco" for product "Ios Xe" and version "5.2.0.base" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asr 9904 Search vendor "Cisco" for product "Asr 9904" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 5.2.0.base Search vendor "Cisco" for product "Ios Xe" and version "5.2.0.base" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asr 9906 Search vendor "Cisco" for product "Asr 9906" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 5.2.0.base Search vendor "Cisco" for product "Ios Xe" and version "5.2.0.base" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asr 9910 Search vendor "Cisco" for product "Asr 9910" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 5.2.0.base Search vendor "Cisco" for product "Ios Xe" and version "5.2.0.base" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asr 9912 Search vendor "Cisco" for product "Asr 9912" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | 5.2.0.base Search vendor "Cisco" for product "Ios Xe" and version "5.2.0.base" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asr 9922 Search vendor "Cisco" for product "Asr 9922" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | >= 4.1 < 5.1.3 Search vendor "Cisco" for product "Ios Xr" and version " >= 4.1 < 5.1.3" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asr 9001 Search vendor "Cisco" for product "Asr 9001" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | >= 4.1 < 5.1.3 Search vendor "Cisco" for product "Ios Xr" and version " >= 4.1 < 5.1.3" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asr 9006 Search vendor "Cisco" for product "Asr 9006" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | >= 4.1 < 5.1.3 Search vendor "Cisco" for product "Ios Xr" and version " >= 4.1 < 5.1.3" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asr 9010 Search vendor "Cisco" for product "Asr 9010" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | >= 4.1 < 5.1.3 Search vendor "Cisco" for product "Ios Xr" and version " >= 4.1 < 5.1.3" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asr 9904 Search vendor "Cisco" for product "Asr 9904" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | >= 4.1 < 5.1.3 Search vendor "Cisco" for product "Ios Xr" and version " >= 4.1 < 5.1.3" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asr 9906 Search vendor "Cisco" for product "Asr 9906" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | >= 4.1 < 5.1.3 Search vendor "Cisco" for product "Ios Xr" and version " >= 4.1 < 5.1.3" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asr 9910 Search vendor "Cisco" for product "Asr 9910" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | >= 4.1 < 5.1.3 Search vendor "Cisco" for product "Ios Xr" and version " >= 4.1 < 5.1.3" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asr 9912 Search vendor "Cisco" for product "Asr 9912" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xr Search vendor "Cisco" for product "Ios Xr" | >= 4.1 < 5.1.3 Search vendor "Cisco" for product "Ios Xr" and version " >= 4.1 < 5.1.3" | - |
Affected
| in | Cisco Search vendor "Cisco" | Asr 9922 Search vendor "Cisco" for product "Asr 9922" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | <= 15.6.3m1 Search vendor "Cisco" for product "Ios" and version " <= 15.6.3m1" | - |
Affected
| in | Rockwellautomation Search vendor "Rockwellautomation" | Allen-bradley Stratix 5900 Search vendor "Rockwellautomation" for product "Allen-bradley Stratix 5900" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | <= 15.6.3m1 Search vendor "Cisco" for product "Ios Xe" and version " <= 15.6.3m1" | - |
Affected
| in | Rockwellautomation Search vendor "Rockwellautomation" | Allen-bradley Stratix 5900 Search vendor "Rockwellautomation" for product "Allen-bradley Stratix 5900" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | <= 15.2\(6\)e0a Search vendor "Cisco" for product "Ios" and version " <= 15.2\(6\)e0a" | - |
Affected
| in | Rockwellautomation Search vendor "Rockwellautomation" | Allen-bradley Armorstratix 5700 Search vendor "Rockwellautomation" for product "Allen-bradley Armorstratix 5700" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | <= 15.2\(6\)e0a Search vendor "Cisco" for product "Ios" and version " <= 15.2\(6\)e0a" | - |
Affected
| in | Rockwellautomation Search vendor "Rockwellautomation" | Allen-bradley Stratix 5400 Search vendor "Rockwellautomation" for product "Allen-bradley Stratix 5400" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | <= 15.2\(6\)e0a Search vendor "Cisco" for product "Ios" and version " <= 15.2\(6\)e0a" | - |
Affected
| in | Rockwellautomation Search vendor "Rockwellautomation" | Allen-bradley Stratix 5410 Search vendor "Rockwellautomation" for product "Allen-bradley Stratix 5410" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | <= 15.2\(6\)e0a Search vendor "Cisco" for product "Ios" and version " <= 15.2\(6\)e0a" | - |
Affected
| in | Rockwellautomation Search vendor "Rockwellautomation" | Allen-bradley Stratix 5700 Search vendor "Rockwellautomation" for product "Allen-bradley Stratix 5700" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | <= 15.2\(6\)e0a Search vendor "Cisco" for product "Ios" and version " <= 15.2\(6\)e0a" | - |
Affected
| in | Rockwellautomation Search vendor "Rockwellautomation" | Allen-bradley Stratix 8000 Search vendor "Rockwellautomation" for product "Allen-bradley Stratix 8000" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | <= 15.2\(6\)e0a Search vendor "Cisco" for product "Ios Xe" and version " <= 15.2\(6\)e0a" | - |
Affected
| in | Rockwellautomation Search vendor "Rockwellautomation" | Allen-bradley Armorstratix 5700 Search vendor "Rockwellautomation" for product "Allen-bradley Armorstratix 5700" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | <= 15.2\(6\)e0a Search vendor "Cisco" for product "Ios Xe" and version " <= 15.2\(6\)e0a" | - |
Affected
| in | Rockwellautomation Search vendor "Rockwellautomation" | Allen-bradley Stratix 5400 Search vendor "Rockwellautomation" for product "Allen-bradley Stratix 5400" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | <= 15.2\(6\)e0a Search vendor "Cisco" for product "Ios Xe" and version " <= 15.2\(6\)e0a" | - |
Affected
| in | Rockwellautomation Search vendor "Rockwellautomation" | Allen-bradley Stratix 5410 Search vendor "Rockwellautomation" for product "Allen-bradley Stratix 5410" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | <= 15.2\(6\)e0a Search vendor "Cisco" for product "Ios Xe" and version " <= 15.2\(6\)e0a" | - |
Affected
| in | Rockwellautomation Search vendor "Rockwellautomation" | Allen-bradley Stratix 5700 Search vendor "Rockwellautomation" for product "Allen-bradley Stratix 5700" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | <= 15.2\(6\)e0a Search vendor "Cisco" for product "Ios Xe" and version " <= 15.2\(6\)e0a" | - |
Affected
| in | Rockwellautomation Search vendor "Rockwellautomation" | Allen-bradley Stratix 8000 Search vendor "Rockwellautomation" for product "Allen-bradley Stratix 8000" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | <= 15.2\(4a\)ea5 Search vendor "Cisco" for product "Ios" and version " <= 15.2\(4a\)ea5" | - |
Affected
| in | Rockwellautomation Search vendor "Rockwellautomation" | Allen-bradley Stratix 8300 Search vendor "Rockwellautomation" for product "Allen-bradley Stratix 8300" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | <= 15.2\(4a\)ea5 Search vendor "Cisco" for product "Ios Xe" and version " <= 15.2\(4a\)ea5" | - |
Affected
| in | Rockwellautomation Search vendor "Rockwellautomation" | Allen-bradley Stratix 8300 Search vendor "Rockwellautomation" for product "Allen-bradley Stratix 8300" | - | - |
Safe
|