CVE-2018-15373

CWE-399CWE-770Allocation without Limits4 documents4 sources
Severity
7.4HIGH
EPSS
0.3%
top 51.48%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Cisco Cisco IOS SoftwareCisco IOSCisco IOS XE
Timeline
PublishedOct 5
Latest updateMay 13

Description

A vulnerability in the implementation of Cisco Discovery Protocol functionality in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to exhaust memory on an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper memory handling by the affected software when the software processes high rates of Cisco Discovery Protocol packets that are sent to a device. An attacker could exploit this vulnerability by sen

CVSS vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:HExploitability: 2.8 | Impact: 4.0

Affected Packages3 packages

NVDcisco/ios15.5\(3\)s3.16
NVDcisco/ios_xe15.5\(3\)s3.16

🔴Vulnerability Details

2
GHSA
GHSA-jwv5-rv9v-wpxj: A vulnerability in the implementation of Cisco Discovery Protocol functionality in Cisco IOS Software and Cisco IOS XE Software could allow an unauthe2022-05-13
CVEList
Cisco IOS and IOS XE Software Cisco Discovery Protocol Denial of Service Vulnerability2018-10-05

📋Vendor Advisories

1
Cisco
Cisco IOS and IOS XE Software Cisco Discovery Protocol Denial of Service Vulnerability2018-09-26