Launching soon: The world's first vendor agnostic bug scrubLearn more & join waitlist
OPERATIONAL DEFECT DATABASE
...
...
A vulnerability in the Link Layer Discovery Protocol (LLDP) feature of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an adjacent, unauthenticated attacker to create a DoS condition or execute arbitrary code with elevated privileges. The vulnerability exists due to improper error handling of malformed LLDP messages. An attacker that is directly connected to an interface of the affected device could exploit this vulnerability by submitting an LLDP protocol data unit (PDU) that is designed to trigger the issue. If successful, an exploitable buffer overflow condition may occur that could result in a DoS condition or the attacker gaining the ability to execute arbitrary code with elevated privileges. The Common Vulnerabilities and Exposures (CVE) ID for this vulnerability is: CVE-2018-0167 The Security Impact Rating (SIR) for this vulnerability is: High This advisory is part of the March 28, 2018, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 20 Cisco Security Advisories that describe 22 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: March 2018 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-lldp
Devices running an affected version of Cisco IOS, Cisco IOS XE, or Cisco IOS XR software with the LLDP feature enabled. To determine whether a release is affected by any published Cisco Security Advisory, use the Cisco IOS Software Checker on Cisco.com at the following link: https://tools.cisco.com/security/center/softwarechecker.x
None.
PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 3 score. The Base CVSS score as of the time of evaluation is 8.8: https://tools.cisco.com/security/center/cvssCalculator.x?version=3.0&vector=CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X CVE ID CVE-2018-0167 has been assigned to document this issue. Additional information on Cisco's security vulnerability policy can be found at the following URL: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html