CVE-2018-0167

Published Mar 28, 2018

Last updated 3 days ago

Exploit known CVSS high 8.8

Overview

Description: Multiple Buffer Overflow vulnerabilities in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. Cisco Bug IDs: CSCuo17183, CSCvd73487.
Source: ykramarz@cisco.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 8.3
Impact score: 10
Exploitability score: 6.5
Vector string: AV:A/AC:L/Au:N/C:C/I:C/A:C

Known exploits

Data from CISA

Vulnerability name: Cisco IOS, XR, and XE Software Buffer Overflow Vulnerability
Exploit added on: Mar 3, 2022
Exploit action due: Mar 17, 2022
Required action: Apply updates per vendor instructions.

Weaknesses

ykramarz@cisco.com: CWE-119
nvd@nist.gov: CWE-119

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:ios:5.2.0.base:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5F1A8DE5-8DBB-4A09-A9F2-8B5AF5E46896"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:5.2.0.base:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "95ECCCEC-FA36-481E-B714-3DA57AE89C5B"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C2213E83-7143-4ABF-9EFD-EB0928996464",
            "versionEndExcluding": "5.1.3",
            "versionStartIncluding": "4.1"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:asr_9001:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "324C97E6-1810-404F-9F45-6240F99FF039"
          },
          {
            "criteria": "cpe:2.3:h:cisco:asr_9006:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "57EB55BB-41B7-40A1-B6F5-142FE8AB4C16"
          },
          {
            "criteria": "cpe:2.3:h:cisco:asr_9010:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "433F4A82-04A4-4EAA-8C19-F7581DCD8D29"
          },
          {
            "criteria": "cpe:2.3:h:cisco:asr_9904:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A93212A4-50AB-42E7-89A4-5FBBAEA050C3"
          },
          {
            "criteria": "cpe:2.3:h:cisco:asr_9906:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "EDA53A61-98B3-458C-8893-61CD7D6B1E48"
          },
          {
            "criteria": "cpe:2.3:h:cisco:asr_9910:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F396564E-B477-4A27-A189-CEB737552E25"
          },
          {
            "criteria": "cpe:2.3:h:cisco:asr_9912:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "5445CC54-ACFB-4070-AF26-F91FEAA85181"
          },
          {
            "criteria": "cpe:2.3:h:cisco:asr_9922:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D7AA58E5-D7E1-48CF-93FF-C60EB85B2BC7"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "65FB1D01-2A6F-496E-AD56-BBE03DEB9493",
            "versionEndIncluding": "15.6.3m1"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E51621B6-010D-4D9F-9A9D-C354D8BB8135",
            "versionEndIncluding": "15.6.3m1"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:rockwellautomation:allen-bradley_stratix_5900:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "1609D07F-FF2D-49D8-8672-9C512A69479D"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AEE6CC29-29A9-4465-B0EA-1ECC435EBC55",
            "versionEndIncluding": "15.2\\(6\\)e0a"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DBBC562A-BC2C-4F64-B5D4-47C33BBEE3C7",
            "versionEndIncluding": "15.2\\(6\\)e0a"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:rockwellautomation:allen-bradley_armorstratix_5700:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D8849345-E011-4160-A91C-DB760497AF9A"
          },
          {
            "criteria": "cpe:2.3:h:rockwellautomation:allen-bradley_stratix_5400:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "DE92939D-3D1E-445C-8888-F3EB4E35A034"
          },
          {
            "criteria": "cpe:2.3:h:rockwellautomation:allen-bradley_stratix_5410:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "0B148D62-D1B2-4E40-9DDD-A8702DFAD2E4"
          },
          {
            "criteria": "cpe:2.3:h:rockwellautomation:allen-bradley_stratix_5700:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "8994DEA7-C4EC-47B9-8AEA-832AF9D1F8E4"
          },
          {
            "criteria": "cpe:2.3:h:rockwellautomation:allen-bradley_stratix_8000:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F9A02987-E6F4-41D2-92C5-016A22AC7D0A"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C7690EC4-F375-4D0A-8EED-26E01ECFDE55",
            "versionEndIncluding": "15.2\\(4a\\)ea5"
          },
          {
            "criteria": "cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C90778E3-4A55-498F-9CD6-80F8029AA722",
            "versionEndIncluding": "15.2\\(4a\\)ea5"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:rockwellautomation:allen-bradley_stratix_8300:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "3A97B3B5-6606-46F5-BCD8-141FDD6F6729"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Known exploits

Weaknesses

Social media

Configurations

References