CVE-2018-0175
Published: 28 March 2018
Summary
CVE-2018-0175 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Cisco IOS. Its CVSS base score is 8.0 (High).
Operationally, it is ranked in the top 13.3% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and CM-7 (Least Functionality).
Deeper analysis
A format string vulnerability exists in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software, tracked under Cisco Bug ID CSCvd73664. The flaw is identified by CWE-119 and CWE-134 and carries a CVSS 3.1 base score of 8.0.
An unauthenticated adjacent attacker can exploit the issue to trigger a denial-of-service condition or to execute arbitrary code with elevated privileges on an affected device. The attack vector requires adjacency on the local link and does not need prior authentication or user interaction beyond sending crafted LLDP packets.
Public references include ICS-CERT advisories ICSA-18-107-03, ICSA-18-107-04, and ICSA-18-107-05 along with SecurityFocus and SecurityTracker entries that direct administrators to vendor updates and configuration guidance for the affected Cisco operating systems. No information on observed in-the-wild exploitation is supplied in the available references.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2018-0998
Vulnerability details
Format String vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. Cisco Bug IDs: CSCvd73664.
- CWE(s)
- KEV Date Added: 03 March 2022
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Flaw remediation directly requires applying the vendor patches that eliminate the LLDP format-string flaw (CSCvd73664) before exploitation.
Boundary-protection rules can filter or drop crafted LLDP frames from untrusted adjacent links, blocking the attack vector.
Least-functionality settings allow LLDP to be disabled on interfaces where the protocol is unnecessary, removing the vulnerable code path.
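One way to check the least-functionality mitigation above, as an added example that is not part of the original page or any Cisco tooling: a Python audit of an IOS / IOS XE running-config that lists the interfaces still accepting LLDP frames. The sample config is constructed, and the script assumes `lldp run` enables LLDP globally and `no lldp receive` / `no lldp transmit` disable it per interface; IOS XR configuration is not handled.

```python
import re

# Constructed sample running-config (IOS / IOS XE syntax), not from a real device.
SAMPLE_CONFIG = """\
hostname edge-sw1
!
lldp run
!
interface GigabitEthernet0/1
 description uplink to core
!
interface GigabitEthernet0/2
 no lldp receive
!
interface GigabitEthernet0/3
 no lldp transmit
 no lldp receive
!
end
"""

def audit_lldp(config: str) -> dict:
    """Report global LLDP state and per-interface receive/transmit state."""
    globally_enabled, current = False, None
    interfaces = {}
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line.startswith(" "):          # top-level line ends any interface block
            current = None
            m = re.match(r"interface (\S+)", line)
            if line == "lldp run":
                globally_enabled = True
            elif m:
                current = m.group(1)
                interfaces[current] = {"receive": True, "transmit": True}
        elif current:                          # indented line inside an interface block
            m = re.fullmatch(r"no lldp (receive|transmit)", line.strip())
            if m:
                interfaces[current][m.group(1)] = False
    if not globally_enabled:                   # without "lldp run" no interface runs LLDP
        for state in interfaces.values():
            state.update(receive=False, transmit=False)
    # Assumption: inbound frame processing is the exposure, so "receive" decides it.
    exposed = sorted(n for n, s in interfaces.items() if s["receive"])
    return {"global": globally_enabled, "interfaces": interfaces, "exposed": exposed}

if __name__ == "__main__":
    print(audit_lldp(SAMPLE_CONFIG)["exposed"])
```

Interfaces in the `exposed` list are candidates for `no lldp receive` where LLDP is not needed; patching remains the fix for ports that must keep it.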