CVE-2018-0167 — HIGH (8.8) — White Hats Nepal

Q: How severe is CVE-2018-0167?

CVE-2018-0167 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2018-0167?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Ios, Cisco Ios Xe, Cisco Ios Xr, Cisco Asr 9001, Cisco Asr 9006.

Vulnerability Description

Multiple Buffer Overflow vulnerabilities in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. Cisco Bug IDs: CSCuo17183, CSCvd73487.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Cisco	Ios	5.2.0.base
Cisco	Ios Xe	5.2.0.base
Cisco	Ios Xr	>= 4.1, < 5.1.3
Cisco	Asr 9001	-
Cisco	Asr 9006	-
Cisco	Asr 9010	-
Cisco	Asr 9904	-
Cisco	Asr 9906	-
Cisco	Asr 9910	-
Cisco	Asr 9912	-
Cisco	Asr 9922	-
Rockwellautomation	Allen-Bradley Stratix 5900	-
Rockwellautomation	Allen-Bradley Armorstratix 5700	-
Rockwellautomation	Allen-Bradley Stratix 5400	-
Rockwellautomation	Allen-Bradley Stratix 5410	-
Rockwellautomation	Allen-Bradley Stratix 5700	-
Rockwellautomation	Allen-Bradley Stratix 8000	-
Rockwellautomation	Allen-Bradley Stratix 8300	-

Related Weaknesses (CWE)

CWE-119

References

http://www.securityfocus.com/bid/103564Broken LinkThird Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1040586Broken LinkThird Party AdvisoryVDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-18-107-03Third Party AdvisoryUS Government Resource
https://ics-cert.us-cert.gov/advisories/ICSA-18-107-04Third Party AdvisoryUS Government Resource
https://ics-cert.us-cert.gov/advisories/ICSA-18-107-05Third Party AdvisoryUS Government Resource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
http://www.securityfocus.com/bid/103564Broken LinkThird Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1040586Broken LinkThird Party AdvisoryVDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-18-107-03Third Party AdvisoryUS Government Resource
https://ics-cert.us-cert.gov/advisories/ICSA-18-107-04Third Party AdvisoryUS Government Resource
https://ics-cert.us-cert.gov/advisories/ICSA-18-107-05Third Party AdvisoryUS Government Resource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-US Government Resource

FAQ

What is CVE-2018-0167?

CVE-2018-0167 is a vulnerability with a CVSS score of 8.8 (HIGH). Multiple Buffer Overflow vulnerabilities in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, a...

How severe is CVE-2018-0167?

CVE-2018-0167 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-0167?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Ios, Cisco Ios Xe, Cisco Ios Xr, Cisco Asr 9001, Cisco Asr 9006.