CVE-2018-0395Improper Input Validation in Cisco Nx-os Software

CWE-20Improper Input Validation4 documents4 sources
Severity
5.3MEDIUMNVD
CNA8.8
EPSS
0.3%
top 44.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Cisco Nx-os SoftwareCisco Firepower 4100 Series Next-generation FirewallsCisco Firepower Extensible Operating System+1 more
Timeline
PublishedOct 17
Latest updateMay 13

Description

A vulnerability in the Link Layer Discovery Protocol (LLDP) implementation for Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition when the device unexpectedly reloads. The vulnerability is due to improper input validation of certain type, length, value (TLV) fields of the LLDP frame header. An attacker could exploit this vulnerability by sending a crafted LLDP packet to an interface on the targeted device. A

CVSS vector

CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 1.6 | Impact: 3.6

Affected Packages4 packages

CVEListV5cisco/cisco_nx-os_softwareunspecified6.2(1)
CVEListV5cisco/firepower_4100_series_next-generation_firewallsunspecified<2.3.1.58
NVDcisco/nx-os5 versions+4

🔴Vulnerability Details

2
GHSA
GHSA-3wmx-fc2q-p8g5: A vulnerability in the Link Layer Discovery Protocol (LLDP) implementation for Cisco FXOS Software and Cisco NX-OS Software could allow an unauthentic2022-05-13
CVEList
Cisco FXOS and NX-OS Software Link Layer Discovery Protocol Denial of Service Vulnerability2018-10-17

📋Vendor Advisories

1
Cisco
Cisco FXOS and NX-OS Software Link Layer Discovery Protocol Denial of Service Vulnerability2018-10-17
CVE-2018-0395 — Improper Input Validation in Cisco | cvebase