First published: Wed Mar 28 2018
Multiple Buffer Overflow vulnerabilities in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. Cisco Bug IDs: CSCuo17183, CSCvd73487.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco IOS | =5.2.0.base | |
Cisco IOS XE | =5.2.0.base | |
Cisco IOS XR | =5.2.0.base | |
Cisco Asr 9001 | ||
Cisco Asr 9006 | ||
Cisco Asr 9010 | ||
Cisco Asr 9904 | ||
Cisco Asr 9906 | ||
Cisco Asr 9910 | ||
Cisco Asr 9912 | ||
Cisco Asr 9922 | ||
Rockwellautomation Allen-bradley Armorstratix 5700 | ||
Rockwellautomation Allen-bradley Stratix 5400 | ||
Rockwellautomation Allen-bradley Stratix 5410 | ||
Rockwellautomation Allen-bradley Stratix 5700 | ||
Rockwellautomation Allen-bradley Stratix 5900 | ||
Rockwellautomation Allen-bradley Stratix 8000 | ||
Rockwellautomation Allen-bradley Stratix 8300 | ||
All of | ||
Any of | ||
Cisco IOS | =5.2.0.base | |
Cisco IOS XE | =5.2.0.base | |
Cisco IOS XR | >=4.1<5.1.3 | |
Any of | ||
Cisco Asr 9001 | ||
Cisco Asr 9006 | ||
Cisco Asr 9010 | ||
Cisco Asr 9904 | ||
Cisco Asr 9906 | ||
Cisco Asr 9910 | ||
Cisco Asr 9912 | ||
Cisco Asr 9922 | ||
All of | ||
Any of | ||
Cisco IOS | <=15.6.3m1 | |
Cisco IOS XE | <=15.6.3m1 | |
Rockwellautomation Allen-bradley Stratix 5900 | ||
All of | ||
Any of | ||
Cisco IOS | <=15.2(6)e0a | |
Cisco IOS XE | <=15.2(6)e0a | |
Any of | ||
Rockwellautomation Allen-bradley Armorstratix 5700 | ||
Rockwellautomation Allen-bradley Stratix 5400 | ||
Rockwellautomation Allen-bradley Stratix 5410 | ||
Rockwellautomation Allen-bradley Stratix 5700 | ||
Rockwellautomation Allen-bradley Stratix 8000 | ||
All of | ||
Any of | ||
Cisco IOS | <=15.2(4a)ea5 | |
Cisco IOS XE | <=15.2(4a)ea5 | |
Rockwellautomation Allen-bradley Stratix 8300 | ||
CVE-2018-0167 is a vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS XR and XE Software that could allow an unauthenticated attacker to cause a denial of service (DoS) or execute arbitrary code.
Cisco IOS, XR, and XE Software versions 5.2.0.base are affected by CVE-2018-0167.
CVE-2018-0167 has a severity rating of 8.8, which is considered high.
Update to a fixed version of Cisco IOS, XR, or XE Software as recommended by Cisco.
You can find more information about CVE-2018-0167 on the following websites: [SecurityFocus](http://www.securityfocus.com/bid/103564), [SecurityTracker](http://www.securitytracker.com/id/1040586), [ICS-CERT](https://ics-cert.us-cert.gov/advisories/ICSA-18-107-03).