Cisco IOS and Cisco IOS XE Software Vulnerability

April 09, 2018

ADP has recently learned of a vulnerability in the Smart Install feature of Cisco IOS and Cisco IOS XE software (CVE-2018-0171) that could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition, or to execute arbitrary code on affected systems.

At this time, ADP has determined that none of its client-facing systems are exposed to this vulnerability, and no intrusion has occurred. Our layered defense includes technologies and controls to identify and/or prevent these types of threats, including assessing vulnerabilities and applying appropriate protection and detection control updates.

The Global Security Organization continues to actively monitor this situation as it does with all reported vulnerabilities. Clients are encouraged to visit our website at www.adp.com/trust to learn more about how ADP protects data, and how clients can help protect themselves.

Protecting our clients and their data from malicious activity is a top priority for ADP.