Main Vulnerability Database Vulnerabilities #VU13414

Improper input validation in Cisco Nexus 4000 Series Switches - CVE-2018-0299

Published: June 20, 2018 / Updated: June 21, 2018

Vulnerability identifier: #VU13414

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2018-0299

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Cisco Systems, Inc

Affected software:
Cisco Nexus 4000 Series Switches

Detailed vulnerability description

The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.

The vulnerability exists in the Simple Network Management Protocol (SNMP) feature of the Cisco Nexus 4000 Series Switch due to incomplete validation of an SNMP poll request for a specific MIB. A remote attacker can send a specific SNMP poll request and cause the device to reload.

How to mitigate CVE-2018-0299

The vulnerability is addressed in the versions 4.0(0.58), 4.0(0.56), 4.1(2)E1(1s).

Sources

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-n4k-snmp-dos

Improper input validation in Cisco Nexus 4000 Series Switches - CVE-2018-0299

Detailed vulnerability description

How to mitigate CVE-2018-0299

Sources

Please verify you're human