Vulnerability identifier: #VU13414
Vulnerability risk: Medium
CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-20
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
Cisco Nexus 4000 Series Switches
Hardware solutions /
Routers & switches, VoIP, GSM, etc
Vendor: Cisco Systems, Inc
Description
The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.
The vulnerability exists in the Simple Network Management Protocol (SNMP) feature of the Cisco Nexus 4000 Series Switch due to incomplete validation of an SNMP poll request for a specific MIB. A remote attacker can send a specific SNMP poll request and cause the device to reload.
Mitigation
The vulnerability is addressed in the versions 4.0(0.58), 4.0(0.56), 4.1(2)E1(1s).
Vulnerable software versions
Cisco Nexus 4000 Series Switches: 4.1.2 E1.1r
External links
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-n4k-snmp-dos
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.