PT-2018-3804 · Cisco · Cisco IOS XR +2

Published: 2018-03-28 · Updated: 2025-10-28 · CVE-2018-0175

CVSS v3.1: 8.0 (High)

Vector: AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Cisco IOS Software (affected versions not specified)
Cisco IOS XE Software (affected versions not specified)
Cisco IOS XR Software (affected versions not specified)

Description

A format string vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device.

Recommendations

For Cisco IOS Software, update to a version that addresses this vulnerability.
For Cisco IOS XE Software, update to a version that addresses this vulnerability.
For Cisco IOS XR Software, update to a version that addresses this vulnerability.

As a temporary workaround, consider disabling the LLDP subsystem until a patch is available. Restrict access to the LLDP subsystem to minimize the risk of exploitation.

Fix

DoS

Buffer Overflow

Use of Externally-Controlled Format String

Weakness Enumeration

Related Identifiers

BDU:2022-04550
CVE-2018-0175

Affected Products

Cisco IOS
Cisco IOS XE
Cisco IOS XR