CVE-2014-3341Sensitive Information Exposure in Cisco Nx-os

CWE-200Sensitive Information Exposure4 documents4 sources
Severity
5.0MEDIUMNVD
EPSS
19.5%
top 4.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Nx-os
Timeline
PublishedAug 19
Latest updateMay 17

Description

The SNMP module in Cisco NX-OS 7.0(3)N1(1) and earlier on Nexus 5000 and 6000 devices provides different error messages for invalid requests depending on whether the VLAN ID exists, which allows remote attackers to enumerate VLANs via a series of requests, aka Bug ID CSCup85616.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDcisco/nx-os7.0\(3\)n1\(1\)+37

🔴Vulnerability Details

2
GHSA
GHSA-v8h5-6h8p-g3mg: The SNMP module in Cisco NX-OS 72022-05-17
CVEList
CVE-2014-3341: The SNMP module in Cisco NX-OS 72014-08-19

📋Vendor Advisories

1
Cisco
Cisco NX-OS Software SNMP Information Disclosure Vulnerability2014-08-18
CVE-2014-3341 — Sensitive Information Exposure in Cisco | cvebase