Format String Vulnerability in Cisco IOS and IOS XE Software
CVE-2018-0175
What is CVE-2018-0175?
The vulnerability exists in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS, IOS XE, and IOS XR Software, allowing unauthenticated, adjacent attackers to exploit it. Successful exploitation can result in a denial of service condition or enable an attacker to execute arbitrary code with elevated privileges on affected devices. This significantly compromises the security and functionality of the network, making it critical for organizations to apply the relevant patches provided by Cisco to mitigate risks.
CISA has reported CVE-2018-0175
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2018-0175 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace
The CISA's recommendation is: Apply updates per vendor instructions.
Affected Version(s)
Cisco IOS, IOS XE, and IOS XR Cisco IOS, IOS XE, and IOS XR