CVE-2018-0175

HIGH KEV

Cisco Ios < 15.2\(4a\)ea5 - Format String Vulnerability

Title source: rule

Description

Format String vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. Cisco Bug IDs: CSCvd73664.

References (7)

[Broken Link, Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/103564

[Broken Link, Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1040586

[Third Party Advisory, US Government Resource] https://ics-cert.us-cert.gov/advisories/ICSA-18-107-03

[Third Party Advisory, US Government Resource] https://ics-cert.us-cert.gov/advisories/ICSA-18-107-04

[Third Party Advisory, US Government Resource] https://ics-cert.us-cert.gov/advisories/ICSA-18-107-05

[Vendor Advisory] https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-lldp

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-0175

Scores

CVSS v3 8.0

EPSS 0.0292

EPSS Percentile 86.4%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CISA KEV 2022-03-03

VulnCheck KEV 2022-03-03

InTheWild.io 2022-03-03

ENISA EUVD EUVD-2018-0998

CWE

CWE-119 CWE-134

Status published

Products (5)

cisco/ios 15.4\(3\)m4.1

cisco/ios < 15.2\(4a\)ea5

cisco/ios_xe 15.4\(3\)m4.1

cisco/ios_xe < 15.2\(4a\)ea5

cisco/ios_xr 15.4\(3\)m4.1

Published Mar 28, 2018

KEV Added Mar 03, 2022

Tracked Since Feb 18, 2026