First published: Wed Mar 28 2018
Format string vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco IOS, XR, and XE Software | ||
Cisco IOS | =15.4\(3\)m4.1 | |
Cisco IOS XE | =15.4\(3\)m4.1 | |
Cisco IOS XR | =15.4\(3\)m4.1 | |
Rockwellautomation Allen-bradley Armorstratix 5700 | ||
Rockwellautomation Allen-bradley Stratix 5400 | ||
Rockwellautomation Allen-bradley Stratix 5410 | ||
Rockwellautomation Allen-bradley Stratix 5700 | ||
Rockwellautomation Allen-bradley Stratix 5900 Services Router | ||
Rockwellautomation Allen-bradley Stratix 8000 | ||
All of | ||
Any of | ||
Cisco IOS | <=15.2\(4a\)ea5 | |
Cisco IOS XE | <=15.2\(4a\)ea5 | |
Rockwellautomation Allen-bradley Stratix 8300 Industrial Managed Ethernet Switch | ||
All of | ||
Any of | ||
Cisco IOS | <=15.2\(6\)e0a | |
Cisco IOS XE | <=15.2\(6\)e0a | |
Any of | ||
Rockwellautomation Allen-bradley Armorstratix 5700 | ||
Rockwellautomation Allen-bradley Stratix 5400 | ||
Rockwellautomation Allen-bradley Stratix 5410 | ||
Rockwellautomation Allen-bradley Stratix 5700 | ||
Rockwellautomation Allen-bradley Stratix 8000 | ||
All of | ||
Any of | ||
Cisco IOS | <=15.6.3m1 | |
Cisco IOS XE | <=15.6.3m1 | |
Rockwellautomation Allen-bradley Stratix 5900 Services Router | ||
The vulnerability ID for this vulnerability is CVE-2018-0175.
The severity of CVE-2018-0175 is high with a severity value of 8.
The affected software for CVE-2018-0175 is Cisco IOS, XR, and XE Software version 15.4(3)m4.1.
An unauthenticated, adjacent attacker can exploit CVE-2018-0175 by sending malicious requests to the Link Layer Discovery Protocol (LLDP) subsystem.
References for CVE-2018-0175: [Reference 1](http://www.securityfocus.com/bid/103564), [Reference 2](http://www.securitytracker.com/id/1040586), [Reference 3](https://ics-cert.us-cert.gov/advisories/ICSA-18-107-03).