Vulnerability-Lookup

BDU:2022-04550

Vulnerability from fstec - Published: 17.04.2018

Title

Уязвимость реализации протокола Link Layer Discovery Protocol (LLDP) операционных систем Cisco IOS, Cisco IOS XE и Cisco IOS XR, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Description

Уязвимость реализации протокола Link Layer Discovery Protocol (LLDP) операционных систем Cisco IOS, Cisco IOS XE и Cisco IOS XR вызвана выходом операции за границы буфера в памяти. Эксплуатация уязвимости может позволить нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Severity ?


                    
                      AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Vendor

Cisco Systems Inc., Rockwell Automation Inc.

Software Name

Cisco IOS, Cisco IOS XE, Allen Bradley Armorstratix 5700, Allen Bradley Stratix 5400, Allen Bradley Stratix 5410, Allen Bradley Stratix 5700, Cisco IOS XR, Allen Bradley Stratix 5900 Services router, Allen Bradley Stratix 8000

Software Version

15.3s (Cisco IOS), - (Cisco IOS XE), 12.2EZ (Cisco IOS), 12.2SXH (Cisco IOS), 12.2SXI (Cisco IOS), 15.2S (Cisco IOS), 15.0EY (Cisco IOS), 15.1S (Cisco IOS), 15.0SY (Cisco IOS), 12.2SXJ (Cisco IOS), 15.0SG (Cisco IOS), 15.0EX (Cisco IOS), 15.1SY (Cisco IOS), 15.4S (Cisco IOS), 15.2SC (Cisco IOS), 15.2SY (Cisco IOS), 15.2JAZ (Cisco IOS), 15.5S (Cisco IOS), 15.3SY (Cisco IOS), 15.6SP (Cisco IOS), 15.4SY (Cisco IOS), 15.5SY (Cisco IOS), 15.3T (Cisco IOS), 15.2M (Cisco IOS), 15.2GC (Cisco IOS), 15.4T (Cisco IOS), 15.1MRA (Cisco IOS), 15.1SVB (Cisco IOS), 15.2JB (Cisco IOS), 15.3M (Cisco IOS), 15.2JN (Cisco IOS), 15.1SVD (Cisco IOS), 15.1SVF (Cisco IOS), 15.1SVE (Cisco IOS), 15.4M (Cisco IOS), 15.2SD (Cisco IOS), 15.3XB (Cisco IOS), 15.4CG (Cisco IOS), 15.1SVG (Cisco IOS), 15.5T (Cisco IOS), 15.4SN (Cisco IOS), 15.3JN (Cisco IOS), 15.1SVH (Cisco IOS), 15.5M (Cisco IOS), 15.3JA (Cisco IOS), 15.3JAB (Cisco IOS), 15.3JB (Cisco IOS), 15.5SN (Cisco IOS), 15.6S (Cisco IOS), 15.1SVI (Cisco IOS), 15.6T (Cisco IOS), 15.3JNB (Cisco IOS), 15.3JAX (Cisco IOS), 15.3JBB (Cisco IOS), 15.3JC (Cisco IOS), 15.3JNC (Cisco IOS), 15.3JNP (Cisco IOS), 15.5XB (Cisco IOS), 15.6SN (Cisco IOS), 15.3JPB (Cisco IOS), 15.3JD (Cisco IOS), 15.1SVJ (Cisco IOS), 15.3JPC (Cisco IOS), 15.3JND (Cisco IOS), 15.3JE (Cisco IOS), 15.3JPD (Cisco IOS), 15.3JDA (Cisco IOS), 15.3JF (Cisco IOS), 15.3JCA (Cisco IOS), 15.1SG (Cisco IOS), 15.2E (Cisco IOS), 12.2SE (Cisco IOS), 12.2EX (Cisco IOS), 12.2EY (Cisco IOS), 12.2SG (Cisco IOS), 12.2SQ (Cisco IOS), 15.0XO (Cisco IOS), 12.2WO (Cisco IOS), 15.0SE (Cisco IOS), 15.0EZ (Cisco IOS), 15.2EY (Cisco IOS), 15.0EJ (Cisco IOS), 15.2EX (Cisco IOS), 15.0EK (Cisco IOS), 15.2EB (Cisco IOS), 15.2EA (Cisco IOS), 15.0SQD (Cisco IOS), 15.1SVS (Cisco IOS), 15.3JK (Cisco IOS), 15.1SVR (Cisco IOS), - (Allen Bradley Armorstratix 5700), - (Allen Bradley Stratix 5400), - (Allen Bradley Stratix 5410), - (Allen Bradley Stratix 5700), до 5.1.3 (Cisco IOS XR), - (Allen Bradley Stratix 5900 Services router), - (Allen Bradley Stratix 8000), 15.1SVU (Cisco IOS), 15.1SVV (Cisco IOS), 15.1SVX (Cisco IOS), 15.1SVW (Cisco IOS)

Possible Mitigations

Использование рекомендаций производителя: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-lldp

Reference

https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-lldp https://nvd.nist.gov/vuln/detail/CVE-2018-0175 https://www.cisa.gov/sites/default/files/csv/known_exploited_vulnerabilities.csv

CWE

CWE-119, CWE-134

JSON

To clipboard

{
  "CVSS 2.0": "AV:A/AC:M/Au:N/C:C/I:C/A:C",
  "CVSS 3.0": "AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Cisco Systems Inc., Rockwell Automation Inc.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "15.3s (Cisco IOS), - (Cisco IOS XE), 12.2EZ (Cisco IOS), 12.2SXH (Cisco IOS), 12.2SXI (Cisco IOS), 15.2S (Cisco IOS), 15.0EY (Cisco IOS), 15.1S (Cisco IOS), 15.0SY (Cisco IOS), 12.2SXJ (Cisco IOS), 15.0SG (Cisco IOS), 15.0EX (Cisco IOS), 15.1SY (Cisco IOS), 15.4S (Cisco IOS), 15.2SC (Cisco IOS), 15.2SY (Cisco IOS), 15.2JAZ (Cisco IOS), 15.5S (Cisco IOS), 15.3SY (Cisco IOS), 15.6SP (Cisco IOS), 15.4SY (Cisco IOS), 15.5SY (Cisco IOS), 15.3T (Cisco IOS), 15.2M (Cisco IOS), 15.2GC (Cisco IOS), 15.4T (Cisco IOS), 15.1MRA (Cisco IOS), 15.1SVB (Cisco IOS), 15.2JB (Cisco IOS), 15.3M (Cisco IOS), 15.2JN (Cisco IOS), 15.1SVD (Cisco IOS), 15.1SVF (Cisco IOS), 15.1SVE (Cisco IOS), 15.4M (Cisco IOS), 15.2SD (Cisco IOS), 15.3XB (Cisco IOS), 15.4CG (Cisco IOS), 15.1SVG (Cisco IOS), 15.5T (Cisco IOS), 15.4SN (Cisco IOS), 15.3JN (Cisco IOS), 15.1SVH (Cisco IOS), 15.5M (Cisco IOS), 15.3JA (Cisco IOS), 15.3JAB (Cisco IOS), 15.3JB (Cisco IOS), 15.5SN (Cisco IOS), 15.6S (Cisco IOS), 15.1SVI (Cisco IOS), 15.6T (Cisco IOS), 15.3JNB (Cisco IOS), 15.3JAX (Cisco IOS), 15.3JBB (Cisco IOS), 15.3JC (Cisco IOS), 15.3JNC (Cisco IOS), 15.3JNP (Cisco IOS), 15.5XB (Cisco IOS), 15.6SN (Cisco IOS), 15.3JPB (Cisco IOS), 15.3JD (Cisco IOS), 15.1SVJ (Cisco IOS), 15.3JPC (Cisco IOS), 15.3JND (Cisco IOS), 15.3JE (Cisco IOS), 15.3JPD (Cisco IOS), 15.3JDA (Cisco IOS), 15.3JF (Cisco IOS), 15.3JCA (Cisco IOS), 15.1SG (Cisco IOS), 15.2E (Cisco IOS), 12.2SE (Cisco IOS), 12.2EX (Cisco IOS), 12.2EY (Cisco IOS), 12.2SG (Cisco IOS), 12.2SQ (Cisco IOS), 15.0XO (Cisco IOS), 12.2WO (Cisco IOS), 15.0SE (Cisco IOS), 15.0EZ (Cisco IOS), 15.2EY (Cisco IOS), 15.0EJ (Cisco IOS), 15.2EX (Cisco IOS), 15.0EK (Cisco IOS), 15.2EB (Cisco IOS), 15.2EA (Cisco IOS), 15.0SQD (Cisco IOS), 15.1SVS (Cisco IOS), 15.3JK (Cisco IOS), 15.1SVR (Cisco IOS), - (Allen Bradley Armorstratix 5700), - (Allen Bradley Stratix 5400), - (Allen Bradley Stratix 5410), - (Allen Bradley Stratix 5700), \u0434\u043e 5.1.3 (Cisco IOS XR), - (Allen Bradley Stratix 5900 Services router), - (Allen Bradley Stratix 8000), 15.1SVU (Cisco IOS), 15.1SVV (Cisco IOS), 15.1SVX (Cisco IOS), 15.1SVW (Cisco IOS)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-lldp",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "17.04.2018",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "24.09.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "20.07.2022",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2022-04550",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2018-0175",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Cisco IOS, Cisco IOS XE, Allen Bradley Armorstratix 5700, Allen Bradley Stratix 5400, Allen Bradley Stratix 5410, Allen Bradley Stratix 5700, Cisco IOS XR, Allen Bradley Stratix 5900 Services router, Allen Bradley Stratix 8000",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Cisco Systems Inc. Cisco IOS 15.3s , Cisco Systems Inc. Cisco IOS XE - , Cisco Systems Inc. Cisco IOS 12.2EZ , Cisco Systems Inc. Cisco IOS 12.2SXH , Cisco Systems Inc. Cisco IOS 12.2SXI , Cisco Systems Inc. Cisco IOS 15.2S , Cisco Systems Inc. Cisco IOS 15.0EY , Cisco Systems Inc. Cisco IOS 15.1S , Cisco Systems Inc. Cisco IOS 15.0SY , Cisco Systems Inc. Cisco IOS 12.2SXJ , Cisco Systems Inc. Cisco IOS 15.0SG , Cisco Systems Inc. Cisco IOS 15.0EX , Cisco Systems Inc. Cisco IOS 15.1SY , Cisco Systems Inc. Cisco IOS 15.4S , Cisco Systems Inc. Cisco IOS 15.2SC , Cisco Systems Inc. Cisco IOS 15.2SY , Cisco Systems Inc. Cisco IOS 15.2JAZ , Cisco Systems Inc. Cisco IOS 15.5S , Cisco Systems Inc. Cisco IOS 15.3SY , Cisco Systems Inc. Cisco IOS 15.6SP , Cisco Systems Inc. Cisco IOS 15.4SY , Cisco Systems Inc. Cisco IOS 15.5SY , Cisco Systems Inc. Cisco IOS 15.3T , Cisco Systems Inc. Cisco IOS 15.2M , Cisco Systems Inc. Cisco IOS 15.2GC , Cisco Systems Inc. Cisco IOS 15.4T , Cisco Systems Inc. Cisco IOS 15.1MRA , Cisco Systems Inc. Cisco IOS 15.1SVB , Cisco Systems Inc. Cisco IOS 15.2JB , Cisco Systems Inc. Cisco IOS 15.3M , Cisco Systems Inc. Cisco IOS 15.2JN , Cisco Systems Inc. Cisco IOS 15.1SVD , Cisco Systems Inc. Cisco IOS 15.1SVF , Cisco Systems Inc. Cisco IOS 15.1SVE , Cisco Systems Inc. Cisco IOS 15.4M , Cisco Systems Inc. Cisco IOS 15.2SD , Cisco Systems Inc. Cisco IOS 15.3XB , Cisco Systems Inc. Cisco IOS 15.4CG , Cisco Systems Inc. Cisco IOS 15.1SVG , Cisco Systems Inc. Cisco IOS 15.5T , Cisco Systems Inc. Cisco IOS 15.4SN , Cisco Systems Inc. Cisco IOS 15.3JN , Cisco Systems Inc. Cisco IOS 15.1SVH , Cisco Systems Inc. Cisco IOS 15.5M , Cisco Systems Inc. Cisco IOS 15.3JA , Cisco Systems Inc. Cisco IOS 15.3JAB , Cisco Systems Inc. Cisco IOS 15.3JB , Cisco Systems Inc. Cisco IOS 15.5SN , Cisco Systems Inc. Cisco IOS 15.6S , Cisco Systems Inc. Cisco IOS 15.1SVI , Cisco Systems Inc. Cisco IOS 15.6T , Cisco Systems Inc. Cisco IOS 15.3JNB , Cisco Systems Inc. Cisco IOS 15.3JAX , Cisco Systems Inc. Cisco IOS 15.3JBB , Cisco Systems Inc. Cisco IOS 15.3JC , Cisco Systems Inc. Cisco IOS 15.3JNC , Cisco Systems Inc. Cisco IOS 15.3JNP , Cisco Systems Inc. Cisco IOS 15.5XB , Cisco Systems Inc. Cisco IOS 15.6SN , Cisco Systems Inc. Cisco IOS 15.3JPB , Cisco Systems Inc. Cisco IOS 15.3JD , Cisco Systems Inc. Cisco IOS 15.1SVJ , Cisco Systems Inc. Cisco IOS 15.3JPC , Cisco Systems Inc. Cisco IOS 15.3JND , Cisco Systems Inc. Cisco IOS 15.3JE , Cisco Systems Inc. Cisco IOS 15.3JPD , Cisco Systems Inc. Cisco IOS 15.3JDA , Cisco Systems Inc. Cisco IOS 15.3JF , Cisco Systems Inc. Cisco IOS 15.3JCA , Cisco Systems Inc. Cisco IOS 15.1SG , Cisco Systems Inc. Cisco IOS 15.2E , Cisco Systems Inc. Cisco IOS 12.2SE , Cisco Systems Inc. Cisco IOS 12.2EX , Cisco Systems Inc. Cisco IOS 12.2EY , Cisco Systems Inc. Cisco IOS 12.2SG , Cisco Systems Inc. Cisco IOS 12.2SQ , Cisco Systems Inc. Cisco IOS 15.0XO , Cisco Systems Inc. Cisco IOS 12.2WO , Cisco Systems Inc. Cisco IOS 15.0SE , Cisco Systems Inc. Cisco IOS 15.0EZ , Cisco Systems Inc. Cisco IOS 15.2EY , Cisco Systems Inc. Cisco IOS 15.0EJ , Cisco Systems Inc. Cisco IOS 15.2EX , Cisco Systems Inc. Cisco IOS 15.0EK , Cisco Systems Inc. Cisco IOS 15.2EB , Cisco Systems Inc. Cisco IOS 15.2EA , Cisco Systems Inc. Cisco IOS 15.0SQD , Cisco Systems Inc. Cisco IOS 15.1SVS , Cisco Systems Inc. Cisco IOS 15.3JK , Cisco Systems Inc. Cisco IOS 15.1SVR , Cisco Systems Inc. Cisco IOS XR \u0434\u043e 5.1.3 , Cisco Systems Inc. Cisco IOS 15.1SVU , Cisco Systems Inc. Cisco IOS 15.1SVV , Cisco Systems Inc. Cisco IOS 15.1SVX , Cisco Systems Inc. Cisco IOS 15.1SVW ",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0430 Link Layer Discovery Protocol (LLDP) \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c Cisco IOS, Cisco IOS XE \u0438 Cisco IOS XR, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u0438\u043b\u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0412\u044b\u0445\u043e\u0434 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u044b \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438 (CWE-119), \u041d\u0435\u043a\u043e\u043d\u0442\u0440\u043e\u043b\u0438\u0440\u0443\u0435\u043c\u0430\u044f \u0444\u043e\u0440\u043c\u0430\u0442\u043d\u0430\u044f \u0441\u0442\u0440\u043e\u043a\u0430 (CWE-134)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0430 Link Layer Discovery Protocol (LLDP) \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c Cisco IOS, Cisco IOS XE \u0438 Cisco IOS XR \u0432\u044b\u0437\u0432\u0430\u043d\u0430 \u0432\u044b\u0445\u043e\u0434\u043e\u043c \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u044b \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u0438\u043b\u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-lldp\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-0175\nhttps://www.cisa.gov/sites/default/files/csv/known_exploited_vulnerabilities.csv",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u041e \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-119, CWE-134",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,9)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8)"
}

CVE-2018-0175 (GCVE-0-2018-0175)

Vulnerability from cvelistv5 – Published: 2018-03-28 22:00 – Updated: 2026-01-12 22:02

Summary

Format String vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. Cisco Bug IDs: CSCvd73664.

Severity ?

8 (High)


                        
                          CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

CWE-119

Assigner

cisco

References

URL

Tags

	https://tools.cisco.com/security/center/content/C…	x_refsource_CONFIRM
	https://ics-cert.us-cert.gov/advisories/ICSA-18-107-03	x_refsource_MISC
	https://ics-cert.us-cert.gov/advisories/ICSA-18-107-04	x_refsource_MISC
	http://www.securitytracker.com/id/1040586	vdb-entryx_refsource_SECTRACK
	https://ics-cert.us-cert.gov/advisories/ICSA-18-107-05	x_refsource_MISC
	http://www.securityfocus.com/bid/103564	vdb-entryx_refsource_BID

Impacted products

	Vendor	Product	Version
	n/a	Cisco IOS, IOS XE, and IOS XR	Affected: Cisco IOS, IOS XE, and IOS XR

Date Public ?

2018-03-28 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:14:17.061Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-lldp"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-03"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-04"
          },
          {
            "name": "1040586",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040586"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-05"
          },
          {
            "name": "103564",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/103564"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "ADJACENT_NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2018-0175",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-08T17:23:01.520865Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2022-03-03",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-0175"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-12T22:02:18.981Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-0175"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco IOS, IOS XE, and IOS XR",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Cisco IOS, IOS XE, and IOS XR"
            }
          ]
        }
      ],
      "datePublic": "2018-03-28T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Format String vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. Cisco Bug IDs: CSCvd73664."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "CWE-119",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-04-19T14:57:01.000Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-lldp"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-03"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-04"
        },
        {
          "name": "1040586",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040586"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-05"
        },
        {
          "name": "103564",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/103564"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2018-0175",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco IOS, IOS XE, and IOS XR",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Cisco IOS, IOS XE, and IOS XR"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Format String vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. Cisco Bug IDs: CSCvd73664."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-lldp",
              "refsource": "CONFIRM",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-lldp"
            },
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-03",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-03"
            },
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-04",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-04"
            },
            {
              "name": "1040586",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040586"
            },
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-05",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-05"
            },
            {
              "name": "103564",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/103564"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2018-0175",
    "datePublished": "2018-03-28T22:00:00.000Z",
    "dateReserved": "2017-11-27T00:00:00.000Z",
    "dateUpdated": "2026-01-12T22:02:18.981Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

BDU:2022-04550

CVE-2018-0175 (GCVE-0-2018-0175)

Tags

Sightings

Nomenclature