#VU13414 Improper input validation in Cisco Nexus 4000 Series Switches - CVE-2018-0299
Published: June 20, 2018 / Updated: June 21, 2018
Vulnerability identifier: #VU13414
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2018-0299
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Cisco Nexus 4000 Series Switches
Cisco Nexus 4000 Series Switches
Software vendor:
Cisco Systems, Inc
Cisco Systems, Inc
Description
The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.
The vulnerability exists in the Simple Network Management Protocol (SNMP) feature of the Cisco Nexus 4000 Series Switch due to incomplete validation of an SNMP poll request for a specific MIB. A remote attacker can send a specific SNMP poll request and cause the device to reload.
Remediation
The vulnerability is addressed in the versions 4.0(0.58), 4.0(0.56), 4.1(2)E1(1s).