CVE-2018-0471

CVE-2018-0471: Cisco IOS XE Software Cisco Discovery Protocol Memory Leak Vulnerability

Vendor Cisco
Product Cisco IOS XE Software
Weakness CWE-400
Published October 5, 2018
Last update November 26, 2024

CVSS base score

What the vulnerability does

01Description

A vulnerability in the Cisco Discovery Protocol (CDP) module of Cisco IOS XE Software Releases 16.6.1 and 16.6.2 could allow an unauthenticated, adjacent attacker to cause a memory leak that may lead to a denial of service (DoS) condition. The vulnerability is due to incorrect processing of certain CDP packets. An attacker could exploit this vulnerability by sending certain CDP packets to an affected device. A successful exploit could cause an affected device to continuously consume memory and eventually result in a memory allocation failure that leads to a crash, triggering a reload of the affected device.

Key dates

02Disclosure timeline

October 5, 2018 CVE published
November 26, 2024 Record updated