Cyber Resilience

CVE-2018-0175

HighCISA KEVActive ExploitationEUVD Exploited

Published: 28 March 2018

Published
28 March 2018
Modified
14 January 2026
KEV Added
03 March 2022
Patch
CVSS Score v3.1 8.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0292 86.7th percentile
Risk Priority 38 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2018-0175 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Cisco Ios. Its CVSS base score is 8.0 (High).

Operationally, ranked in the top 13.3% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and CM-7 (Least Functionality).

Deeper analysis

A format string vulnerability exists in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software, tracked under Cisco Bug ID CSCvd73664. The flaw is identified by CWE-119 and CWE-134 and carries a CVSS 3.1 base score of 8.0.

An unauthenticated adjacent attacker can exploit the issue to trigger a denial-of-service condition or to execute arbitrary code with elevated privileges on an affected device. The attack vector requires adjacency on the local link and does not need prior authentication or user interaction beyond sending crafted LLDP packets.

Public references include ICS-CERT advisories ICSA-18-107-03, ICSA-18-107-04, and ICSA-18-107-05 along with SecurityFocus and SecurityTracker entries that direct administrators to vendor updates and configuration guidance for the affected Cisco operating systems. No information on observed in-the-wild exploitation is supplied in the available references.

EU & UK References

Vulnerability details

Format String vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition or execute…

more

arbitrary code with elevated privileges on an affected device. Cisco Bug IDs: CSCvd73664.

CWE(s)
KEV Date Added
03 March 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

cisco
ios
15.4\(3\)m4.1 · ≤ 15.2\(4a\)ea5 · ≤ 15.2\(6\)e0a · ≤ 15.6.3m1
cisco
ios xe
15.4\(3\)m4.1 · ≤ 15.2\(4a\)ea5 · ≤ 15.2\(6\)e0a · ≤ 15.6.3m1
cisco
ios xr
15.4\(3\)m4.1

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires applying vendor patches that eliminate the LLDP format-string flaw (CSCvd73664) before exploitation.

prevent

Boundary-protection rules can filter or drop crafted LLDP frames from untrusted adjacent links, blocking the attack vector.

prevent

Least-functionality settings allow LLDP to be disabled on interfaces where the protocol is unnecessary, removing the vulnerable code path.

References