⚠ Actively exploited
Added to CISA KEV on 2022-03-03. Federal agencies required to patch by 2022-03-17. Required action: Apply updates per vendor instructions..

CVE-2018-0161Cisco IOS vulnerability

CWE-3998 documents7 sources
Severity
6.3MEDIUMNVD
EPSS
0.9%
top 24.21%
CISA KEV
KEV
Added 2022-03-03
Due 2022-03-17
Exploit
Exploited in wild
Active exploitation observed
Affected products
2
Cisco IOSCisco IOS
Timeline
PublishedMar 28
KEV addedMar 3
KEV dueMar 17
Latest updateMay 13
CISA Required Action: Apply updates per vendor instructions.

Description

A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software running on certain models of Cisco Catalyst Switches could allow an authenticated, remote attacker to cause a denial of service (DoS) condition, aka a GET MIB Object ID Denial of Service Vulnerability. The vulnerability is due to a condition that could occur when the affected software processes an SNMP read request that contains a request for the ciscoFlashMIB object ID (OID). An attacker could trigg

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:HExploitability: 1.8 | Impact: 4.0

Affected Packages2 packages

NVDcisco/ios15.2\(5\)e
CVEListV5cisco/cisco_iosCisco IOS

🔴Vulnerability Details

3
GHSA
GHSA-67f4-59mc-w493: A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software running on certain models of Cisco Catalyst Switches2022-05-13
CVEList
CVE-2018-0161: A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software running on certain models of Cisco Catalyst Switches2018-03-28
VulnCheck
Cisco IOS Software Resource Management Errors Vulnerability2018

📋Vendor Advisories

2
CISA
Cisco IOS Software Resource Management Errors Vulnerability2022-03-03
Cisco
Cisco IOS Software Simple Network Management Protocol GET MIB Object ID Denial of Service Vulnerability2018-03-28
CVE-2018-0161 — Cisco IOS vulnerability | cvebase