Vulnerability Description
A vulnerability in the Link Layer Discovery Protocol (LLDP) implementation for Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition when the device unexpectedly reloads. The vulnerability is due to improper input validation of certain type, length, value (TLV) fields of the LLDP frame header. An attacker could exploit this vulnerability by sending a crafted LLDP packet to an interface on the targeted device. A successful exploit could allow the attacker to cause the switch to reload unexpectedly.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Nx-Os | 6.0\(4\) |
| Cisco | Nexus 7000 10-Slot | - |
| Cisco | Nexus 7000 18-Slot | - |
| Cisco | Nexus 7000 4-Slot | - |
| Cisco | Nexus 7000 9-Slot | - |
| Cisco | Nexus 7700 10-Slot | - |
| Cisco | Nexus 7700 18-Slot | - |
| Cisco | Nexus 7700 2-Slot | - |
| Cisco | Nexus 7700 6-Slot | - |
| Cisco | Firepower Extensible Operating System | r231 |
| Cisco | Firepower 9300 | - |
| Cisco | Ucs | - |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/105674Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1041919Third Party AdvisoryVDB Entry
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
- http://www.securityfocus.com/bid/105674Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1041919Third Party AdvisoryVDB Entry
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
FAQ
What is CVE-2018-0395?
CVE-2018-0395 is a vulnerability with a CVSS score of 8.8 (HIGH). A vulnerability in the Link Layer Discovery Protocol (LLDP) implementation for Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of servi...
How severe is CVE-2018-0395?
CVE-2018-0395 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-0395?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Nx-Os, Cisco Nexus 7000 10-Slot, Cisco Nexus 7000 18-Slot, Cisco Nexus 7000 4-Slot, Cisco Nexus 7000 9-Slot.