CVE-2018-0471
HIGHCisco Ios XE - Resource Leak
Title source: ruleDescription
A vulnerability in the Cisco Discovery Protocol (CDP) module of Cisco IOS XE Software Releases 16.6.1 and 16.6.2 could allow an unauthenticated, adjacent attacker to cause a memory leak that may lead to a denial of service (DoS) condition. The vulnerability is due to incorrect processing of certain CDP packets. An attacker could exploit this vulnerability by sending certain CDP packets to an affected device. A successful exploit could cause an affected device to continuously consume memory and eventually result in a memory allocation failure that leads to a crash, triggering a reload of the affected device.
Scores
CVSS v3
7.4
EPSS
0.0022
EPSS Percentile
44.9%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Classification
CWE
CWE-772
CWE-400
Status
published
Affected Products (2)
cisco/ios_xe
cisco/ios_xe
Timeline
Published
Oct 05, 2018
Tracked Since
Feb 18, 2026