CVE-2018-0175

high-risk

Published 2018-03-28

Format String vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. Cisco Bug IDs: CSCvd73664.

Do I need to act?

2.9% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

CISA KEV: actively exploited in the wild

On the Known Exploited Vulnerabilities catalog — federal agencies must patch

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.0/10 High

ADJACENT_NETWORK / LOW complexity

Affected Products (5)

Ios

Ios Xe

Ios Xr

Ios

Ios Xe

Affected Vendors

Cisco

References (13)

Broken Link http://www.securityfocus.com/bid/103564

Broken Link http://www.securitytracker.com/id/1040586

Third Party Advisory https://ics-cert.us-cert.gov/advisories/ICSA-18-107-03

Third Party Advisory https://ics-cert.us-cert.gov/advisories/ICSA-18-107-04

Third Party Advisory https://ics-cert.us-cert.gov/advisories/ICSA-18-107-05

Vendor Advisory https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2...

Broken Link http://www.securityfocus.com/bid/103564

Broken Link http://www.securitytracker.com/id/1040586

Third Party Advisory https://ics-cert.us-cert.gov/advisories/ICSA-18-107-03

Third Party Advisory https://ics-cert.us-cert.gov/advisories/ICSA-18-107-04

Third Party Advisory https://ics-cert.us-cert.gov/advisories/ICSA-18-107-05

Vendor Advisory https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2...

US Government Resource https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-...

/ 100

high-risk

Severity 25/34 · High

Exploitability 13/34 · Low

Exposure 12/34 · Low