CVE-2018-0161 - Vulnerability Details

A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software running on certain models of Cisco Catalyst Switches could allow an authenticated, remote attacker to cause a denial of service (DoS) condition, aka a GET MIB Object ID Denial of Service Vulnerability. The vulnerability is due to a condition that could occur when the affected software processes an SNMP read request that contains a request for the ciscoFlashMIB object ID (OID). An attacker could trigger this vulnerability by issuing an SNMP GET request for the ciscoFlashMIB OID on an affected device. A successful exploit could cause the affected device to restart due to a SYS-3-CPUHOG. This vulnerability affects the following Cisco devices if they are running a vulnerable release of Cisco IOS Software and are configured to use SNMP Version 2 (SNMPv2) or SNMP Version 3 (SNMPv3): Cisco Catalyst 2960-L Series Switches, Cisco Catalyst Digital Building Series Switches 8P, Cisco Catalyst Digital Building Series Switches 8U. Cisco Bug IDs: CSCvd89541.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:N/AC:M/Au:S/C:N/I:N/A:C

This CVE is in the KEV database since March 3, 2022.

Exploitation active

Automatable no

Technical Impact partial

Vendors	Products
Cisco	Catalyst 2960l-16ps-ll Catalyst 2960l-16ts-ll Catalyst 2960l-24pq-ll Catalyst 2960l-24ps-ll Catalyst 2960l-24tq-ll Catalyst 2960l-24ts-ll Catalyst 2960l-48pq-ll Catalyst 2960l-48ps-ll Catalyst 2960l-48tq-ll Catalyst 2960l-48ts-ll Catalyst 2960l-8ps-ll Catalyst 2960l-8ts-ll Catalyst Digital Building Series Switches-8p Catalyst Digital Building Series Switches-8u Ios

Configuration 1 [-]

AND

cpe:2.3:o:cisco:ios:15.2\(5\)e:*:*:*:*:*:*:*

OR	cpe:2.3:h:cisco:catalyst_2960l-16ps-ll:-:::::::*
	cpe:2.3:h:cisco:catalyst_2960l-16ts-ll:-:::::::*
	cpe:2.3:h:cisco:catalyst_2960l-24pq-ll:-:::::::*
	cpe:2.3:h:cisco:catalyst_2960l-24ps-ll:-:::::::*
	cpe:2.3:h:cisco:catalyst_2960l-24tq-ll:-:::::::*
	cpe:2.3:h:cisco:catalyst_2960l-24ts-ll:-:::::::*
	cpe:2.3:h:cisco:catalyst_2960l-48pq-ll:-:::::::*
	cpe:2.3:h:cisco:catalyst_2960l-48ps-ll:-:::::::*
	cpe:2.3:h:cisco:catalyst_2960l-48tq-ll:-:::::::*
	cpe:2.3:h:cisco:catalyst_2960l-48ts-ll:-:::::::*
	cpe:2.3:h:cisco:catalyst_2960l-8ps-ll:-:::::::*
	cpe:2.3:h:cisco:catalyst_2960l-8ts-ll:-:::::::*
	cpe:2.3:h:cisco:catalyst_digital_building_series_switches-8p:-:::::::*
	cpe:2.3:h:cisco:catalyst_digital_building_series_switches-8u:-:::::::*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/103573
http://www.securitytracker.com/id/1040589
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-snmp

History

Fri, 15 Nov 2024 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		kev `{'dateAdded': '2022-03-03'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2018-03-28T22:00:00

Updated: 2024-11-15T17:53:16.190Z

Reserved: 2017-11-27T00:00:00

Link: CVE-2018-0161

Vulnrichment

Updated: 2024-08-05T03:14:16.929Z

NVD

Status : Modified

Published: 2018-03-28T22:29:00.703

Modified: 2024-11-21T03:37:38.320

Link: CVE-2018-0161

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

Exploitation active

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object