← Voltar para CVEs
CVE-2018-0175
HIGHCISA KEV8.0
Descricao
Format String vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. Cisco Bug IDs: CSCvd73664.
Detalhes CVE
Pontuacao CVSS v3.18.0
SeveridadeHIGH
Vetor CVSSCVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vetor de ataqueADJACENT_NETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioREQUIRED
Publicado3/28/2018
Ultima modificacao1/14/2026
Fontekev
Avistamentos honeypot0
CISA KEV
FornecedorCisco
ProdutoIOS, XR, and XE Software
Nome da vulnerabilidadeCisco IOS, XR, and XE Software Buffer Overflow Vulnerability
Data inclusao KEV2022-03-03
Prazo de remediacao2022-03-17
Uso em ransomwareUnknown
Produtos afetados
cisco:ioscisco:ios_xecisco:ios_xrrockwellautomation:allen-bradley_armorstratix_5700rockwellautomation:allen-bradley_stratix_5400rockwellautomation:allen-bradley_stratix_5410rockwellautomation:allen-bradley_stratix_5700rockwellautomation:allen-bradley_stratix_5900_services_routerrockwellautomation:allen-bradley_stratix_8000rockwellautomation:allen-bradley_stratix_8300_industrial_managed_ethernet_switch
Fraquezas (CWE)
CWE-119CWE-134
Referencias
http://www.securityfocus.com/bid/103564(psirt@cisco.com)
http://www.securitytracker.com/id/1040586(psirt@cisco.com)
https://ics-cert.us-cert.gov/advisories/ICSA-18-107-03(psirt@cisco.com)
https://ics-cert.us-cert.gov/advisories/ICSA-18-107-04(psirt@cisco.com)
https://ics-cert.us-cert.gov/advisories/ICSA-18-107-05(psirt@cisco.com)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-lldp(psirt@cisco.com)
http://www.securityfocus.com/bid/103564(af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1040586(af854a3a-2127-422b-91ae-364da2661108)
https://ics-cert.us-cert.gov/advisories/ICSA-18-107-03(af854a3a-2127-422b-91ae-364da2661108)
https://ics-cert.us-cert.gov/advisories/ICSA-18-107-04(af854a3a-2127-422b-91ae-364da2661108)
https://ics-cert.us-cert.gov/advisories/ICSA-18-107-05(af854a3a-2127-422b-91ae-364da2661108)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-lldp(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-0175(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.