PT-2018-3801 · Cisco · Cisco IOS XE

Published: 2018-03-28 · Updated: 2025-01-27 · CVE-2018-0167

CVSS v3.1: 8.8 High

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Cisco IOS, Cisco IOS XE, and Cisco IOS XR Software (affected versions not specified)

Description

The issue is related to multiple buffer overflow vulnerabilities in the Link Layer Discovery Protocol (LLDP) subsystem of the affected software. An unauthenticated, adjacent attacker could exploit these vulnerabilities to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device.

Recommendations

For Cisco IOS Software, update to a version that includes the fix for the buffer overflow vulnerabilities in the LLDP subsystem.
For Cisco IOS XE Software, update to a version that includes the fix for the buffer overflow vulnerabilities in the LLDP subsystem.
For Cisco IOS XR Software, update to a version that includes the fix for the buffer overflow vulnerabilities in the LLDP subsystem.

As a temporary workaround, consider disabling the LLDP protocol until a patch is available. Restrict access to the LLDP subsystem to minimize the risk of exploitation.

Fix

DoS

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2022-04022
CVE-2018-0167

Affected Products

Cisco IOS
Cisco IOS XE
Cisco IOS XR