Resource exhaustion in Cisco Nexus 9000 Series Switches and Cisco Nexus 3000 Series Switches - CVE-2018-0309
Published: June 20, 2018 / Updated: June 21, 2018
Vulnerability identifier: #VU13415
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2018-0309
CWE-ID: CWE-400
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco Nexus 9000 Series Switches
Cisco Nexus 3000 Series Switches
Cisco Nexus 9000 Series Switches
Cisco Nexus 3000 Series Switches
Detailed vulnerability description
The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.
The vulnerability exists in the associated Simple Network Management Protocol (SNMP) MIB for Cisco Nexus 3000 and 9000 Series Switches due to the incorrect implementation of the CLI command, resulting in a failure to free all allocated memory upon completion. A remote attacker can authenticate to the affected device and repeatedly issue a specific CLI command or send a specific SNMP poll request for a specific Object Identifier (OID) and cause the IP routing process to restart or to cause a device to reset.
How to mitigate CVE-2018-0309
The vulnerability is fixed in the versions 7.0(3)I4(8), 7.0(3)I7(1), 7.0(3)I6(2).