CVE-2018-0471Uncontrolled Resource Consumption in Cisco IOS XE Software

CWE-400Uncontrolled Resource ConsumptionCWE-772Missing Release of Resource after Effective Lifetime4 documents4 sources
Severity
7.4HIGHNVD
EPSS
0.2%
top 54.72%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco IOS XE SoftwareCisco IOS XE
Timeline
PublishedOct 5
Latest updateMay 13

Description

A vulnerability in the Cisco Discovery Protocol (CDP) module of Cisco IOS XE Software Releases 16.6.1 and 16.6.2 could allow an unauthenticated, adjacent attacker to cause a memory leak that may lead to a denial of service (DoS) condition. The vulnerability is due to incorrect processing of certain CDP packets. An attacker could exploit this vulnerability by sending certain CDP packets to an affected device. A successful exploit could cause an affected device to continuously consume memory and e

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:HExploitability: 2.8 | Impact: 4.0

Affected Packages2 packages

NVDcisco/ios_xe16.6.1, 16.6.2+1

🔴Vulnerability Details

2
GHSA
GHSA-5234-wvr8-wqqh: A vulnerability in the Cisco Discovery Protocol (CDP) module of Cisco IOS XE Software Releases 162022-05-13
CVEList
Cisco IOS XE Software Cisco Discovery Protocol Memory Leak Vulnerability2018-10-05

📋Vendor Advisories

1
Cisco
Cisco IOS XE Software Cisco Discovery Protocol Memory Leak Vulnerability2018-09-26
CVE-2018-0471 — Uncontrolled Resource Consumption | cvebase