CVE-2018-0175

Format String vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. Cisco Bug IDs: CSCvd73664.

CVSS v3 8.0 HIGH
CVSS v2.0 7.9 HIGH

8.0^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.1 / Impact : 5.9

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.9^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:A/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 5.5 / Impact : 10.0

Access Vector ADJACENT_NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.securityfocus.com/bid/103564	Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1040586	Broken Link Third Party Advisory VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-18-107-03	Third Party Advisory US Government Resource
https://ics-cert.us-cert.gov/advisories/ICSA-18-107-04	Third Party Advisory US Government Resource
https://ics-cert.us-cert.gov/advisories/ICSA-18-107-05	Third Party Advisory US Government Resource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-lldp	Vendor Advisory
http://www.securityfocus.com/bid/103564	Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1040586	Broken Link Third Party Advisory VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-18-107-03	Third Party Advisory US Government Resource
https://ics-cert.us-cert.gov/advisories/ICSA-18-107-04	Third Party Advisory US Government Resource
https://ics-cert.us-cert.gov/advisories/ICSA-18-107-05	Third Party Advisory US Government Resource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-lldp	Vendor Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-0175	US Government Resource

Configurations

Configuration 1 (hide)

cpe:2.3:o:cisco:ios:15.4\(3\)m4.1:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:cisco:ios_xe:15.4\(3\)m4.1:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:o:cisco:ios_xr:15.4\(3\)m4.1:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

OR	cpe:2.3:o:cisco:ios::::::::
	cpe:2.3:o:cisco:ios_xe::::::::

cpe:2.3:h:rockwellautomation:allen-bradley_stratix_8300_industrial_managed_ethernet_switch:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

OR	cpe:2.3:o:cisco:ios::::::::
	cpe:2.3:o:cisco:ios_xe::::::::

OR	cpe:2.3:h:rockwellautomation:allen-bradley_armorstratix_5700:-:::::::*
	cpe:2.3:h:rockwellautomation:allen-bradley_stratix_5400:-:::::::*
	cpe:2.3:h:rockwellautomation:allen-bradley_stratix_5410:-:::::::*
	cpe:2.3:h:rockwellautomation:allen-bradley_stratix_5700:-:::::::*
	cpe:2.3:h:rockwellautomation:allen-bradley_stratix_8000:-:::::::*

Configuration 6 (hide)

AND

OR	cpe:2.3:o:cisco:ios::::::::
	cpe:2.3:o:cisco:ios_xe::::::::

cpe:2.3:h:rockwellautomation:allen-bradley_stratix_5900_services_router:-:*:*:*:*:*:*:*

History

28 Oct 2025, 13:57

Type	Values Removed	Values Added
References	~~() https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-0175 -~~	() https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-0175 - US Government Resource

22 Oct 2025, 00:16

Type	Values Removed	Values Added
References		() https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-0175 -

21 Oct 2025, 20:17

Type	Values Removed	Values Added
References	~~{'url': 'https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-0175', 'source': '134c704f-9b21-4f2e-91b3-4a467353bcc0'}~~

21 Oct 2025, 19:17

Type	Values Removed	Values Added
References		() https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-0175 -

21 Nov 2024, 03:37

Type	Values Removed	Values Added
References	~~() http://www.securityfocus.com/bid/103564 - Broken Link, Third Party Advisory, VDB Entry~~	() http://www.securityfocus.com/bid/103564 - Broken Link, Third Party Advisory, VDB Entry
References	~~() http://www.securitytracker.com/id/1040586 - Broken Link, Third Party Advisory, VDB Entry~~	() http://www.securitytracker.com/id/1040586 - Broken Link, Third Party Advisory, VDB Entry
References	~~() https://ics-cert.us-cert.gov/advisories/ICSA-18-107-03 - Third Party Advisory, US Government Resource~~	() https://ics-cert.us-cert.gov/advisories/ICSA-18-107-03 - Third Party Advisory, US Government Resource
References	~~() https://ics-cert.us-cert.gov/advisories/ICSA-18-107-04 - Third Party Advisory, US Government Resource~~	() https://ics-cert.us-cert.gov/advisories/ICSA-18-107-04 - Third Party Advisory, US Government Resource
References	~~() https://ics-cert.us-cert.gov/advisories/ICSA-18-107-05 - Third Party Advisory, US Government Resource~~	() https://ics-cert.us-cert.gov/advisories/ICSA-18-107-05 - Third Party Advisory, US Government Resource
References	~~() https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-lldp - Vendor Advisory~~	() https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-lldp - Vendor Advisory

24 Jul 2024, 14:10

Type	Values Removed	Values Added
References	~~() http://www.securityfocus.com/bid/103564 - Third Party Advisory, VDB Entry~~	() http://www.securityfocus.com/bid/103564 - Broken Link, Third Party Advisory, VDB Entry
References	~~() http://www.securitytracker.com/id/1040586 - Third Party Advisory, VDB Entry~~	() http://www.securitytracker.com/id/1040586 - Broken Link, Third Party Advisory, VDB Entry
First Time		Rockwellautomation allen-bradley Stratix 8300 Industrial Managed Ethernet Switch
CPE		cpe:2.3:h:rockwellautomation:allen-bradley_stratix_8300_industrial_managed_ethernet_switch:-:::::::* cpe:2.3:o:cisco:ios:::::::: cpe:2.3:o:cisco:ios_xe::::::::

Information

Published : 2018-03-28 22:29

Updated : 2025-10-28 13:57

NVD link : CVE-2018-0175

Mitre link : CVE-2018-0175

CVE.ORG link : CVE-2018-0175

JSON object : View

Products Affected

cisco

ios_xe
ios_xr
ios

rockwellautomation

allen-bradley_stratix_8300_industrial_managed_ethernet_switch
allen-bradley_stratix_5410
allen-bradley_stratix_5900_services_router
allen-bradley_armorstratix_5700
allen-bradley_stratix_5400
allen-bradley_stratix_8000
allen-bradley_stratix_5700

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-134

Use of Externally-Controlled Format String

8.0 /10