CVE-2018-0175
CVE-2018-0175
In short
A format string flaw in Cisco's LLDP protocol handling allows an attacker on the same network to crash the device or run malicious code with high privileges. This matters because LLDP is used for device discovery, making any network neighbor a potential threat.
Technical detail
Format string vulnerability in LLDP subsystem allows adjacent, unauthenticated attackers to trigger memory corruption or code execution via specially crafted LLDP packets. Pre-condition: victim device must be running affected Cisco IOS/IOS XE/IOS XR versions with LLDP enabled. Impact includes denial of service and arbitrary code execution with elevated privileges.
Summary generated and translated by AI from the official description.
Format String vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. Cisco Bug IDs: CSCvd73664.
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
n/a · Cisco IOS, IOS XE, and IOS XRWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://ics-cert.us-cert.gov/advisories/ICSA-18-107-03https://ics-cert.us-cert.gov/advisories/ICSA-18-107-04https://ics-cert.us-cert.gov/advisories/ICSA-18-107-05https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-lldphttps://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-0175http://www.securityfocus.com/bid/103564http://www.securitytracker.com/id/1040586