Vulnerability Description
A vulnerability in the implementation of Cisco Discovery Protocol functionality in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to exhaust memory on an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper memory handling by the affected software when the software processes high rates of Cisco Discovery Protocol packets that are sent to a device. An attacker could exploit this vulnerability by sending a high rate of Cisco Discovery Protocol packets to an affected device. A successful exploit could allow the attacker to exhaust memory on the affected device, resulting in a DoS condition.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Ios | 15.5\(3\)s3.16 |
| Cisco | Ios Xe | 15.5\(3\)s3.16 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/105413Third Party AdvisoryVDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSA-19-094-03
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
- http://www.securityfocus.com/bid/105413Third Party AdvisoryVDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSA-19-094-03
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
FAQ
What is CVE-2018-15373?
CVE-2018-15373 is a vulnerability with a CVSS score of 7.4 (HIGH). A vulnerability in the implementation of Cisco Discovery Protocol functionality in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to exhaust memory on a...
How severe is CVE-2018-15373?
CVE-2018-15373 has been rated HIGH with a CVSS base score of 7.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-15373?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Ios, Cisco Ios Xe.