CVE-2018-0291 — Improper Input Validation in Cisco Nx-os

CWE-20 — Improper Input Validation4 documents4 sources

Severity

6.5MEDIUMNVD

EPSS

0.9%

top 24.64%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Nx-os

Timeline

PublishedJun 20

Latest updateMay 13

Description

A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco NX-OS Software could allow an authenticated, remote attacker to cause the SNMP application on an affected device to restart unexpectedly. The vulnerability is due to improper validation of SNMP protocol data units (PDUs) in SNMP packets. An attacker could exploit this vulnerability by sending a crafted SNMP packet to an affected device. A successful exploit could allow the attacker to cause the SNMP …

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

▶NVDcisco/nx-os6.0 — 7.3\(3\)n1\(1\)+6

🔴Vulnerability Details

GHSA

GHSA-qwm9-fr49-mf7m: A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco NX-OS Software could allow an authenticated, remote a↗2022-05-13

▶

CVEList

CVE-2018-0291: A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco NX-OS Software could allow an authenticated, remote a↗2018-06-20

▶

📋Vendor Advisories

Cisco

Cisco NX-OS Software Authenticated Simple Network Management Protocol Denial of Service Vulnerability↗2018-06-20

▶