⚠ Actively exploited
Added to CISA KEV on 2022-03-03. Federal agencies required to patch by 2022-03-17. Required action: Apply updates per vendor instructions.

CVE-2018-0167: Improper Restriction of Operations within the Bounds of a Memory Buffer in Cisco IOS XR

Severity: 8.8 HIGH (NVD)
EPSS: 1.2% (top 20.98%)
CISA KEV: Added 2022-03-03, Due 2022-03-17
Exploit: Exploited in wild (active exploitation observed)
Timeline: Published Mar 28 | KEV added Mar 3 | KEV due Mar 17 | Latest update May 13

Description

Multiple Buffer Overflow vulnerabilities in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. Cisco Bug IDs: CSCuo17183, CSCvd73487.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (3 packages)

NVD: cisco/ios_xr 4.15.1.3
NVD: cisco/ios 15.6.3m1+3
NVD: cisco/ios_xe 15.6.3m1+3

🔴 Vulnerability Details (3)

GHSA: GHSA-h85m-74j9-4r6m: Multiple Buffer Overflow vulnerabilities in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco (2022-05-13)
CVEList: CVE-2018-0167: Multiple Buffer Overflow vulnerabilities in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco (2018-03-28)
VulnCheck: Cisco IOS, XR, and XE Software Buffer Overflow Vulnerability (2018)

📋 Vendor Advisories (2)

CISA: Cisco IOS, XR, and XE Software Buffer Overflow Vulnerability (2022-03-03)
Cisco: Cisco IOS, IOS XE, and IOS XR Software Link Layer Discovery Protocol Buffer Overflow Vulnerabilities (2018-03-28)