CVE-2018-0167

Known Exploited

Description

Multiple Buffer Overflow vulnerabilities in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. Cisco Bug IDs: CSCuo17183, CSCvd73487.

References

Link	Tags
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-lldp	vendor advisory
https://ics-cert.us-cert.gov/advisories/ICSA-18-107-03	third party advisory us government resource
https://ics-cert.us-cert.gov/advisories/ICSA-18-107-04	third party advisory us government resource
http://www.securitytracker.com/id/1040586	vdb entry third party advisory broken link
https://ics-cert.us-cert.gov/advisories/ICSA-18-107-05	third party advisory us government resource
http://www.securityfocus.com/bid/103564	vdb entry third party advisory broken link

Frequently Asked Questions

What is the severity of CVE-2018-0167?: CVE-2018-0167 has been scored as a high severity vulnerability.
How to fix CVE-2018-0167?: To fix CVE-2018-0167, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2018-0167 being actively exploited in the wild?: It is confirmed that CVE-2018-0167 is actively exploited. Be extra cautious if you are using vulnerable components. According to its EPSS score, there is a ~2% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2018-0167?: CVE-2018-0167 affects n/a Cisco IOS, IOS XE, and IOS XR.

Description

Category

CWE-119 – Improper Restriction of Operations within the Bounds of a Memory Buffer

References

Frequently Asked Questions