cnvd-2018-07301
Vulnerability from cnvd
Title
Cisco IOS Software、IOS XE Software和IOS XR Software Link Layer Discovery Protocol子系统权限提升漏洞
Description
Cisco IOS Software、IOS XE Software和IOS XR Software都是美国思科(Cisco)公司为其网络设备开发的操作系统。Link Layer Discovery Protocol(LLDP)subsystem是其中的一套链路层发现协议子系统。
Cisco IOS Software、IOS XE Software和IOS XR Software中的LLDP子系统存在安全漏洞,该漏洞源于程序未能正确的处理LLDP消息中的字段。攻击者可通过诱使用户执行show命令利用该漏洞造成拒绝服务或以提升的权限执行任意代码。
Severity
高
        VLAI Severity ?
      
      Patch Name
Cisco IOS Software、IOS XE Software和IOS XR Software Link Layer Discovery Protocol子系统权限提升漏洞的补丁
Patch Description
Cisco IOS Software、IOS XE Software和IOS XR Software都是美国思科(Cisco)公司为其网络设备开发的操作系统。Link Layer Discovery Protocol(LLDP)subsystem是其中的一套链路层发现协议子系统。
Cisco IOS Software、IOS XE Software和IOS XR Software中的LLDP子系统存在安全漏洞,该漏洞源于程序未能正确的处理LLDP消息中的字段。攻击者可通过诱使用户执行show命令利用该漏洞造成拒绝服务或以提升的权限执行任意代码。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-lldp
Reference
https://www.securityfocus.com/bid/103564
Impacted products
          | Name | ['Cisco IOS Software', 'Cisco IOS XR Software', 'Cisco IOS XE Software'] | 
|---|
{
  "bids": {
    "bid": {
      "bidNumber": "103564"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-0175"
    }
  },
  "description": "Cisco IOS Software\u3001IOS XE Software\u548cIOS XR Software\u90fd\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u4e3a\u5176\u7f51\u7edc\u8bbe\u5907\u5f00\u53d1\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002Link Layer Discovery Protocol\uff08LLDP\uff09subsystem\u662f\u5176\u4e2d\u7684\u4e00\u5957\u94fe\u8def\u5c42\u53d1\u73b0\u534f\u8bae\u5b50\u7cfb\u7edf\u3002\r\n\r\nCisco IOS Software\u3001IOS XE Software\u548cIOS XR Software\u4e2d\u7684LLDP\u5b50\u7cfb\u7edf\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u7684\u5904\u7406LLDP\u6d88\u606f\u4e2d\u7684\u5b57\u6bb5\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u8bf1\u4f7f\u7528\u6237\u6267\u884cshow\u547d\u4ee4\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\u6216\u4ee5\u63d0\u5347\u7684\u6743\u9650\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-lldp",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-07301",
  "openTime": "2018-04-10",
  "patchDescription": "Cisco IOS Software\u3001IOS XE Software\u548cIOS XR Software\u90fd\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u4e3a\u5176\u7f51\u7edc\u8bbe\u5907\u5f00\u53d1\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002Link Layer Discovery Protocol\uff08LLDP\uff09subsystem\u662f\u5176\u4e2d\u7684\u4e00\u5957\u94fe\u8def\u5c42\u53d1\u73b0\u534f\u8bae\u5b50\u7cfb\u7edf\u3002\r\n\r\nCisco IOS Software\u3001IOS XE Software\u548cIOS XR Software\u4e2d\u7684LLDP\u5b50\u7cfb\u7edf\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u7684\u5904\u7406LLDP\u6d88\u606f\u4e2d\u7684\u5b57\u6bb5\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u8bf1\u4f7f\u7528\u6237\u6267\u884cshow\u547d\u4ee4\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\u6216\u4ee5\u63d0\u5347\u7684\u6743\u9650\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco IOS Software\u3001IOS XE Software\u548cIOS XR Software Link Layer Discovery Protocol\u5b50\u7cfb\u7edf\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Cisco IOS Software",
      "Cisco IOS XR Software",
      "Cisco IOS XE Software"
    ]
  },
  "referenceLink": "https://www.securityfocus.com/bid/103564",
  "serverity": "\u9ad8",
  "submitTime": "2018-03-29",
  "title": "Cisco IOS Software\u3001IOS XE Software\u548cIOS XR Software Link Layer Discovery Protocol\u5b50\u7cfb\u7edf\u6743\u9650\u63d0\u5347\u6f0f\u6d1e"
}
  Loading…
      Loading…
      Sightings
| Author | Source | Type | Date | 
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
      Loading…