CVE-2018-0175

CVE	CVE-2018-0175
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2018-03-28 22:29:00 UTC
Updated	2019-10-09 23:31:00 UTC
Description	Format String vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. Cisco Bug IDs: CSCvd73664.

EPSS: 0.029240000 probability, percentile 0.863500000 (date 2026-04-02)

CISA KEV: Listed on 2022-03-03; due 2022-03-17; ransomware use Unknown

Problem Types: CWE-134

Vendor	Cisco
Product	IOS, XR, and XE Software
Name	Cisco IOS, XR, and XE Software Buffer Overflow Vulnerability
Required Action	Apply updates per vendor instructions.
Notes	https://nvd.nist.gov/vuln/detail/CVE-2018-0175

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Cisco	Ios	15.4(3)m4.1	All	All	All
Operating System	Cisco	Ios	15.4\(3\)m4.1	All	All	All
Operating System	Cisco	Ios	15.4\(3\)m4.1	All	All	All
Operating System	Cisco	Ios Xe	15.4(3)m4.1	All	All	All
Operating System	Cisco	Ios Xe	15.4\(3\)m4.1	All	All	All
Operating System	Cisco	Ios Xe	15.4\(3\)m4.1	All	All	All
Operating System	Cisco	Ios Xr	15.4(3)m4.1	All	All	All
Operating System	Cisco	Ios Xr	15.4\(3\)m4.1	All	All	All
Operating System	Cisco	Ios Xr	15.4\(3\)m4.1	All	All	All
Hardware	Rockwellautomation	Allen-bradley Armorstratix 5700	-	All	All	All
Hardware	Rockwellautomation	Allen-bradley Armorstratix 5700	-	All	All	All
Hardware	Rockwellautomation	Allen-bradley Stratix 5400	-	All	All	All
Hardware	Rockwellautomation	Allen-bradley Stratix 5400	-	All	All	All
Hardware	Rockwellautomation	Allen-bradley Stratix 5410	-	All	All	All
Hardware	Rockwellautomation	Allen-bradley Stratix 5410	-	All	All	All
Hardware	Rockwellautomation	Allen-bradley Stratix 5700	-	All	All	All
Hardware	Rockwellautomation	Allen-bradley Stratix 5700	-	All	All	All
Hardware	Rockwellautomation	Allen-bradley Stratix 5900 Services Router	-	All	All	All
Hardware	Rockwellautomation	Allen-bradley Stratix 5900 Services Router	-	All	All	All
Hardware	Rockwellautomation	Allen-bradley Stratix 8000	-	All	All	All
Hardware	Rockwellautomation	Allen-bradley Stratix 8000	-	All	All	All

Reference	Source	Link	Tags
Cisco IOS, IOS XE, and IOS XR Software Link Layer Discovery Protocol Buffer Overflow Vulnerabilities	CONFIRM	tools.cisco.com	Vendor Advisory
Rockwell Automation Stratix and ArmorStratix Switches \| CISA	MISC	ics-cert.us-cert.gov	Third Party Advisory, US Government Resource
Cisco IOS/IOS XE/IOS XR Software Multiple Remote Code Execution and Format String Vulnerabilities	BID	www.securityfocus.com	Third Party Advisory, VDB Entry
Rockwell Automation Stratix Industrial Managed Ethernet Switch \| ICS-CERT	MISC	ics-cert.us-cert.gov	Third Party Advisory, US Government Resource
Cisco IOS/IOS XE/IOS XR Link Layer Discovery Protocol Bugs Let Remote Users on the Local Network Gain Elevated Privileges - SecurityTracker	SECTRACK	www.securitytracker.com	Third Party Advisory, VDB Entry
Rockwell Automation Stratix Services Router \| CISA	MISC	ics-cert.us-cert.gov	Third Party Advisory, US Government Resource
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis
CISA Known Exploited Vulnerabilities catalog	CISA	www.cisa.gov	kev

No vendor comments have been submitted for this CVE.

590338 Rockwell Automation Stratix and ArmorStratix Switches Multiple Vulnerabilities (ICSA-18-107-04)
590339 Rockwell Automation Stratix Industrial Managed Ethernet Switch Multiple Vulnerabilities (ICSA-18-107-05)
590343 Rockwell Automation Stratix Services Router Multiple Vulnerabilities (ICSA-18-107-03)