External risk intelligence

Cisco IOS LLDP Vulnerability Allows Code Execution

CVE advisory / Known Exploit

CVE-2018-0175

A format string vulnerability in Cisco's Link Layer Discovery Protocol (LLDP) subsystem can allow an adjacent attacker to cause a denial of service or execute arbitrary code. This impacts organizations using Cisco IOS, IOS XE, and IOS XR software, posing a business risk through potential service disruption and unauthor

Halo Surface Signal: 1

Memory Corruption

Cisco IOS

Affected versions:

  • 15.4(3)M4.1
  • 15.2(4a)EA5 and earlier
  • 15.2(6)E0a and earlier
  • 15.6.3M1 and earlier

External exposure likelihood

Halo Surface Signal score for CVE-2018-0175

The flaw sits in the Link Layer Discovery Protocol (LLDP), a data link layer protocol used to exchange identity and capability information between directly connected devices. LLDP frames are sent to a link-local multicast MAC address that bridges do not forward, so a frame travels exactly one hop: the attack surface is reachable only from a directly attached segment, never from the public internet. It is still reachable by anything that can put frames on an attached link, including a compromised host or a rogue device plugged into an access port on which LLDP is enabled.

Horizon Alert

Summary of the vulnerability and why it matters

The Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS, IOS XE and IOS XR Software has a format string vulnerability (CWE-134): content from a received LLDP frame reaches a format-string argument instead of being treated as plain data. An unauthenticated attacker on a directly connected network segment can trigger it by sending a crafted LLDP frame. The outcome ranges from a crash of the affected device (denial of service) to execution of arbitrary code with elevated privileges.

  • Vulnerable component: the LLDP subsystem of Cisco IOS, IOS XE and IOS XR
  • Root cause: improper handling of format strings (CWE-134)
  • Impact: denial of service or arbitrary code execution with elevated privileges

Attack Path

How an attacker could exploit the issue

To exploit the flaw an attacker needs a position on a network segment directly attached to the device (a compromised host, a rogue device on an access port, or a neighbouring switch) and the ability to send Ethernet frames; no credentials and no IP connectivity to the device are required. The attacker sends a crafted LLDP frame to the link-local LLDP multicast address. When the LLDP subsystem parses the frame, the format string flaw lets attacker-controlled content read or write memory it should not, which crashes the device or, with an exploit built for the specific platform, hijacks execution at the privilege level of the LLDP subsystem. The frame only reaches the vulnerable code if the device is processing LLDP on the receiving interface; LLDP is not enabled by default on Cisco IOS and IOS XE (it is turned on with lldp run) or on IOS XR (lldp in global configuration).

  • Adjacent network exposure: the attacker must be on a directly connected segment
  • No authentication: a single crafted frame is enough
  • Trigger: a crafted LLDP frame parsed by the LLDP subsystem on an interface with LLDP enabled

Live Threat

Current exploitation, exposure, and threat context

The vulnerability affects Cisco IOS, IOS XE and IOS XR Software, is rated high severity, and is triggered by a single unauthenticated LLDP frame from an adjacent segment, so a crash is cheap for anyone who has already reached the local network. Reliable code execution is harder: the format string primitive has to be turned into a working exploit for the specific platform and software image. The realistic threat model is therefore post-compromise lateral movement, an attacker already inside the network using the flaw to take over or knock out the switch or router that serves that segment, rather than a remote attack from the internet.

  • Likely attacker skill level: Low for a denial of service; higher for reliable code execution
  • Required access or conditions: adjacent network access to an interface with LLDP enabled; no authentication
  • Business risk or urgency: High (loss of, or attacker control over, the device and every segment it connects)

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

Remediation is a software upgrade: Cisco addressed the flaw in fixed releases of IOS, IOS XE and IOS XR Software, and the Cisco advisory is the authoritative source for which release of each train carries the fix. Until a device is upgraded, exposure can be cut by not processing LLDP on interfaces that face untrusted segments. The commands below are IOS and IOS XE syntax; IOS XR has its own lldp commands.

  • Identify affected devices: inventory the running image with show version and check it against the affected releases in Cisco's advisory. On each device, show lldp reports whether LLDP is enabled at all and show lldp interface lists the interfaces transmitting and receiving it; a device with LLDP globally disabled does not expose the vulnerable code path.
  • Reduce exposure or isolate risk: disable LLDP reception on interfaces facing untrusted segments (access ports, guest and user VLANs) with no lldp receive under the interface, or disable it globally with no lldp run, keeping it only on trusted infrastructure links that need it. Test first where LLDP-MED is used for IP phone provisioning.
  • Apply vendor fixes and validate: upgrade to a fixed release, confirm with show version that the device is actually running it, and re-check that the LLDP settings survived the upgrade.
  • Monitor for related security issues: watch the show lldp traffic counters for frames with errors and discarded TLVs, and treat unexplained reloads or crash files on LLDP-enabled devices as a possible exploitation attempt.

Frequently asked questions

What is the Cisco Link Layer Discovery Protocol (LLDP) subsystem?

The Link Layer Discovery Protocol (LLDP) subsystem is a component within Cisco's network operating systems (IOS, IOS XE, and IOS XR) used for network device discovery. It allows directly connected devices on the same local network segment to share information about themselves, such as their identity, capabilities, and management addresses. This helps in building a map of the local network topology.

What type of vulnerability affects Cisco IOS LLDP?

This is a format string vulnerability (CWE-134). In a format string bug, data the attacker controls is passed to a printf-style function as the format argument rather than as an ordinary argument, so any % directives in that data are interpreted by the function: directives such as %x and %s make it read memory (stack contents and arbitrary addresses), and %n makes it write a value to memory. A read leaks memory; a write can crash the process or redirect execution. Here the flaw is in the LLDP subsystem, so the attacker-controlled data arrives in an LLDP frame, and the result is a denial of service or code execution.

How can an attacker exploit this Cisco LLDP flaw?

The attacker must be on a network segment directly attached to the vulnerable device (LLDP frames are not forwarded beyond the link on which they are sent), and the device must be processing LLDP on that interface. The attacker then sends crafted LLDP frames to the device; no authentication or IP reachability is needed. A successful attempt can crash the device (denial of service) or, with an exploit tailored to the platform, run attacker-supplied code with elevated privileges.
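The crafted-frame path described in the Attack Path section and in this answer can be watched for on the wire. The following Python is an added example, not code from this page or from Cisco: it parses LLDP frames from raw Ethernet bytes and flags free-text TLVs that carry printf-style directives, as well as TLVs whose declared length overruns the frame. Cisco has not published which TLV the flaw mishandles, so checking every free-text TLV is an assumption, and the three frames at the bottom are constructed here rather than captured.

```python
"""Inspect LLDP frames for printf-style format directives in free-text TLVs.

Added example for this page, not Cisco's code.  Cisco has not published which
TLV the flaw mishandles, so (assumption) every free-text TLV is checked, and a
TLV whose declared length overruns the frame is reported as malformed.
"""
import re
import struct
from dataclasses import dataclass, field

LLDP_ETHERTYPE = 0x88CC
LLDP_MCAST = bytes.fromhex("0180c200000e")   # link-local address bridges do not forward

# TLV type codes from IEEE 802.1AB
TLV_NAMES = {0: "EndOfLLDPDU", 1: "ChassisID", 2: "PortID", 3: "TTL",
             4: "PortDescription", 5: "SystemName", 6: "SystemDescription",
             7: "SystemCapabilities", 8: "ManagementAddress", 127: "OrgSpecific"}
TEXT_TLVS = {4, 5, 6}    # TLVs whose whole payload is free text

# %[flags][width][.precision][length]conversion, as a C printf would read it
FORMAT_DIRECTIVE = re.compile(
    rb"%[-+ #0]*(?:\d+|\*)?(?:\.(?:\d+|\*))?(?:hh|h|ll|l|L|q|j|z|t)?[diouxXeEfFgGaAcspn]")


@dataclass
class LldpReport:
    src: str
    tlvs: list = field(default_factory=list)      # (type code, name, payload)
    findings: list = field(default_factory=list)  # human-readable alerts


def tlv(ttype, payload):
    """Encode one TLV: 7-bit type and 9-bit length packed into a 16-bit header."""
    if not 0 <= ttype < 128 or len(payload) > 511:
        raise ValueError("TLV type or length out of range")
    return struct.pack("!H", (ttype << 9) | len(payload)) + payload


def parse_tlvs(lldpdu):
    """Yield (type, payload) for each TLV; raise ValueError when the PDU is malformed."""
    off = 0
    while off + 2 <= len(lldpdu):
        (hdr,) = struct.unpack_from("!H", lldpdu, off)
        ttype, tlen = hdr >> 9, hdr & 0x1FF
        off += 2
        if off + tlen > len(lldpdu):
            raise ValueError(f"{TLV_NAMES.get(ttype, ttype)} TLV length {tlen} overruns the frame")
        yield ttype, lldpdu[off:off + tlen]
        off += tlen
        if ttype == 0:
            return
    raise ValueError("missing End-of-LLDPDU TLV")


def inspect_frame(frame):
    """Parse one Ethernet frame carrying LLDP and report suspicious content."""
    if len(frame) < 14 or struct.unpack_from("!H", frame, 12)[0] != LLDP_ETHERTYPE:
        raise ValueError("not an LLDP frame")
    report = LldpReport(src=frame[6:12].hex(":"))
    try:
        for ttype, payload in parse_tlvs(frame[14:]):
            report.tlvs.append((ttype, TLV_NAMES.get(ttype, "Unknown"), payload))
            if ttype in TEXT_TLVS:
                hits = [m.group().decode("latin-1") for m in FORMAT_DIRECTIVE.finditer(payload)]
                if hits:
                    report.findings.append(
                        f"{report.src}: {TLV_NAMES[ttype]} carries format directives {hits}")
    except ValueError as exc:
        report.findings.append(f"{report.src}: malformed LLDPDU ({exc})")
    return report


def build_frame(src_mac, system_name):
    """Build a minimal LLDP frame (constructed test data, not a capture)."""
    body = (tlv(1, b"\x04" + src_mac)            # Chassis ID, subtype 4 = MAC address
            + tlv(2, b"\x05Gi1/0/1")             # Port ID, subtype 5 = interface name
            + tlv(3, struct.pack("!H", 120))     # TTL in seconds
            + tlv(5, system_name)                # System Name (free text)
            + tlv(0, b""))                       # End of LLDPDU
    return LLDP_MCAST + src_mac + struct.pack("!H", LLDP_ETHERTYPE) + body


# Constructed samples: a normal neighbour, a frame stuffed with directives, a truncated frame
BENIGN = build_frame(bytes.fromhex("00112233aabb"), b"sw-access-01.example.net")
HOSTILE = build_frame(bytes.fromhex("0011223344ff"), b"%x%x%x%x%n")
TRUNCATED = BENIGN[:-3]            # drops the End TLV and one byte of the System Name TLV


def triage(frames):
    """Return all findings across a batch of frames."""
    findings = []
    for frame in frames:
        findings.extend(inspect_frame(frame).findings)
    return findings


if __name__ == "__main__":
    for line in triage([BENIGN, HOSTILE, TRUNCATED]):
        print(line)
```

Feed it the LLDP frames from a span-port capture (ethertype 0x88cc) and alert on any finding; legitimate device names can contain a lone %, so tune the directive pattern or whitelist known neighbours before treating a hit as exploitation rather than as something to look at.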

Who should be concerned about this Cisco LLDP vulnerability?

Organizations using Cisco IOS, IOS XE, or IOS XR software on their network devices should be concerned. Since the attack vector is adjacent, meaning the attacker must be on the same local network segment, this vulnerability is considered internal. However, it could still be a significant risk if an attacker gains initial access to that internal network.

What should I do if I run affected Cisco software?

First, identify which of your Cisco devices are running the affected versions of IOS, IOS XE, or IOS XR. Review Cisco's security advisory for specific guidance on mitigation and remediation steps, which typically involve applying software updates provided by Cisco. It's also wise to monitor your network for any unusual activity related to LLDP.
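Identifying affected devices (the first step here and in the Operational Fix section) means comparing each device's running release with the affected list. The Python below is an added example, not Cisco's tooling: it parses Cisco IOS release strings such as 15.2(4a)EA5, pulls the release out of a show version banner, and compares it with the versions listed on this page. That list is assumed to be incomplete relative to Cisco's advisory, so a verdict other than "not_affected" is a prompt to consult the advisory or the Cisco Software Checker, and the sample banner is constructed here.

```python
"""Check Cisco IOS 'show version' output against the affected versions listed on this page.

Added example, not Cisco's tooling.  The version list is copied from this page and is
not the complete list from Cisco's advisory (assumption: treat any verdict other than
'not_affected' as a reason to consult Cisco's advisory or Software Checker, and confirm
'not_affected' there too before closing the finding).
"""
import re
from dataclasses import dataclass

# (version, and_earlier) as listed on this page
PAGE_AFFECTED = [("15.4(3)M4.1", False), ("15.2(4a)EA5", True),
                 ("15.2(6)E0a", True), ("15.6.3M1", True)]

# IOS release numbering: major.minor(maintenance[letter])TRAIN rebuild[letter][.sub],
# or the dotted form major.minor.maintenanceTRAINrebuild
_VERSION = re.compile(
    r"(\d+)\.(\d+)"                     # major.minor
    r"(?:\((\d+)([a-z]?)\)|\.(\d+))"    # (maint[letter]) or .maint
    r"([A-Za-z]*)(\d*)([a-z]?)"         # train, rebuild number, rebuild letter
    r"(?:\.(\d+))?",                    # sub-rebuild
    re.I)


@dataclass(frozen=True)
class IosVersion:
    major: int
    minor: int
    maint: int
    letter: str
    train: str
    rebuild: int
    rletter: str
    sub: int

    @classmethod
    def parse(cls, text):
        m = _VERSION.fullmatch(text.strip())
        if not m:
            raise ValueError(f"unrecognised IOS version {text!r}")
        maint = m[3] if m[3] is not None else m[5]
        return cls(int(m[1]), int(m[2]), int(maint), (m[4] or "").lower(),
                   (m[6] or "").upper(), int(m[7] or 0), (m[8] or "").lower(),
                   int(m[9] or 0))

    def same_train(self, other):
        """Releases are only ordered within one major.minor and feature train."""
        return (self.major, self.minor, self.train) == (other.major, other.minor, other.train)

    def key(self):
        return (self.maint, self.letter, self.rebuild, self.rletter, self.sub)


def assess(running, affected=PAGE_AFFECTED):
    """Return 'affected', 'not_affected' or 'undetermined' for one running release."""
    run = IosVersion.parse(running)
    entries = [(IosVersion.parse(v), earlier) for v, earlier in affected]
    entries = [(v, e) for v, e in entries if v.same_train(run)]
    if not entries:
        return "undetermined"          # train not covered by the page's list
    for listed, earlier in entries:
        if run.key() == listed.key() or (earlier and run.key() < listed.key()):
            return "affected"
    if all(not earlier for _, earlier in entries):
        return "undetermined"          # only exact entries on this train: no match proves nothing
    return "not_affected"


_SHOW_VERSION = re.compile(r"\bVersion\s+([0-9][^\s,]*)")


def version_from_show_version(output):
    """Pull the release string out of the first line of 'show version'."""
    m = _SHOW_VERSION.search(output)
    if not m:
        raise ValueError("no Version field in show version output")
    return m[1]


# Constructed sample banner (not a real capture)
SAMPLE_SHOW_VERSION = ("Cisco IOS Software, C2960X Software (C2960X-UNIVERSALK9-M), "
                       "Version 15.2(4)E6, RELEASE SOFTWARE (fc1)")


if __name__ == "__main__":
    ver = version_from_show_version(SAMPLE_SHOW_VERSION)
    print(f"{ver}: {assess(ver)}")
```

Run it over the show version output collected from every device; IOS XE releases in the 16.x dotted form and IOS XR releases fall outside the page's list and come back as "undetermined", which is the honest answer until the advisory's own table is consulted.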
