National Vulnerability Database

CVE-2018-0161 Detail

Current Description

A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software running on certain models of Cisco Catalyst Switches could allow an authenticated, remote attacker to cause a denial of service (DoS) condition, aka a GET MIB Object ID Denial of Service Vulnerability. The vulnerability is due to a condition that could occur when the affected software processes an SNMP read request that contains a request for the ciscoFlashMIB object ID (OID). An attacker could trigger this vulnerability by issuing an SNMP GET request for the ciscoFlashMIB OID on an affected device. A successful exploit could cause the affected device to restart due to a SYS-3-CPUHOG. This vulnerability affects the following Cisco devices if they are running a vulnerable release of Cisco IOS Software and are configured to use SNMP Version 2 (SNMPv2) or SNMP Version 3 (SNMPv3): Cisco Catalyst 2960-L Series Switches, Cisco Catalyst Digital Building Series Switches 8P, Cisco Catalyst Digital Building Series Switches 8U. Cisco Bug IDs: CSCvd89541.

Source:  MITRE

Impact

CVSS v3.0 Severity and Metrics:

Base Score: 6.3 MEDIUM
Vector: AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H
Impact Score: 4.0
Exploitability Score: 1.8


Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): Low
User Interaction (UI): None
Scope (S): Changed
Confidentiality (C): None
Integrity (I): None
Availability (A): High

CVSS v2.0 Severity and Metrics:

Base Score: 6.3 MEDIUM
Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:C)
Impact Subscore: 6.9
Exploitability Subscore: 6.8


Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (AU): Single
Confidentiality (C): None
Integrity (I): None
Availability (A): Complete
Additional Information:
Allows disruption of service

References to Advisories, Solutions, and Tools

Hyperlink (Resource)
http://www.securityfocus.com/bid/103573 (Third Party Advisory, VDB Entry)
http://www.securitytracker.com/id/1040589 (Third Party Advisory, VDB Entry)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-snmp (Mitigation, Vendor Advisory)

Technical Details

Vulnerability Type

Known Affected Software Configurations

Configuration 1
 cpe:2.3:o:cisco:ios:15.2\(5\)e:*:*:*:*:*:*:*
Running on/with
 cpe:2.3:h:cisco:catalyst_2960l-16ps-ll:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:catalyst_2960l-16ts-ll:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:catalyst_2960l-24pq-ll:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:catalyst_2960l-24ps-ll:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:catalyst_2960l-24tq-ll:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:catalyst_2960l-24ts-ll:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:catalyst_2960l-48pq-ll:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:catalyst_2960l-48ps-ll:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:catalyst_2960l-48tq-ll:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:catalyst_2960l-48ts-ll:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:catalyst_2960l-8ps-ll:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:catalyst_2960l-8ts-ll:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:catalyst_digital_building_series_switches-8p:-:*:*:*:*:*:*:*
 cpe:2.3:h:cisco:catalyst_digital_building_series_switches-8u:-:*:*:*:*:*:*:*


Change History

7 change records found

Quick Info

CVE Dictionary Entry: CVE-2018-0161
NVD Published Date: 03/28/2018
NVD Last Modified: 10/02/2019