CVE-2018-0173 — Cisco IOS and IOS XE Software Improper Input Validation Vulnerability

2022-03-03 • CISA Known Exploited Vulnerability

[event] A vulnerability in the Cisco IOS Software and Cisco IOS XE Software function that restores encapsulated option 82 information in DHCP Version 4 (DHCPv4) packets can allow for denial-of-service (DoS).

> AFFECTED SOFTWARE

Field	Value
Vendor	Cisco
Product	IOS and IOS XE Software
CWE	CWE-20
CVE ID	CVE-2018-0173
Date Added	2022-03-03
Due Date	2022-03-17
Ransomware Campaign	Unknown

> MITIGATION

Apply updates per vendor instructions.

Due Date: 2022-03-17

> REFERENCES

[1] https://nvd.nist.gov/vuln/detail/CVE-2018-0173