Lucene search

CiscoCVE-2018-0209

HistoryMar 08, 2018 - 7:29 a.m.

CVE-2018-0209

2018-03-0807:29:00

CWE-119

cisco

web.nvd.nist.gov

cve-2018-0209

snmp

cisco

dos

vulnerability

nvd

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:N/I:N/A:C

CVSS3

7.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

AI Score

7.3

Confidence

High

EPSS

0.001

Percentile

43.9%

JSON

A vulnerability in the Simple Network Management Protocol (SNMP) subsystem communication channel through the Cisco 550X Series Stackable Managed Switches could allow an authenticated, remote attacker to cause the device to reload unexpectedly, causing a denial of service (DoS) condition. The device nay need to be manually reloaded to recover. The vulnerability is due to lack of proper input throttling of ingress SNMP traffic over an internal interface. An attacker could exploit this vulnerability by sending a crafted, heavy stream of SNMP traffic to the targeted device. An exploit could allow the attacker to cause the device to reload unexpectedly, causing a DoS condition. Cisco Bug IDs: CSCvg22135.

Affected configurations

Nvd

Node

ciscosmall_business_500_series_stackable_managed_switches_firmwareMatch2.2.5.68

ciscosmall_business_500_series_stackable_managed_switches_firmwareMatch2.3.0.130

AND

ciscosf500-24Match-

ciscosf500-24mpMatch-

ciscosf500-24pMatch-

ciscosf500-48Match-

ciscosf500-48mpMatch-

ciscosf500-48pMatch-

ciscosg500-28Match-

ciscosg500-28mppMatch-

ciscosg500-28pMatch-

ciscosg500-52Match-

ciscosg500-52mpMatch-

ciscosg500-52pMatch-

ciscosg500x-24Match-

ciscosg500x-24mppMatch-

ciscosg500x-24pMatch-

ciscosg500x-48Match-

ciscosg500x-48mpMatch-

ciscosg500x-48pMatch-

ciscosg500xg-8f8tMatch-

VendorProductVersionCPE
ciscosmall_business_500_series_stackable_managed_switches_firmware2.2.5.68cpe:2.3:o:cisco:small_business_500_series_stackable_managed_switches_firmware:2.2.5.68:*:*:*:*:*:*:*
ciscosmall_business_500_series_stackable_managed_switches_firmware2.3.0.130cpe:2.3:o:cisco:small_business_500_series_stackable_managed_switches_firmware:2.3.0.130:*:*:*:*:*:*:*
ciscosf500-24-cpe:2.3:h:cisco:sf500-24:-:*:*:*:*:*:*:*
ciscosf500-24mp-cpe:2.3:h:cisco:sf500-24mp:-:*:*:*:*:*:*:*
ciscosf500-24p-cpe:2.3:h:cisco:sf500-24p:-:*:*:*:*:*:*:*
ciscosf500-48-cpe:2.3:h:cisco:sf500-48:-:*:*:*:*:*:*:*
ciscosf500-48mp-cpe:2.3:h:cisco:sf500-48mp:-:*:*:*:*:*:*:*
ciscosf500-48p-cpe:2.3:h:cisco:sf500-48p:-:*:*:*:*:*:*:*
ciscosg500-28-cpe:2.3:h:cisco:sg500-28:-:*:*:*:*:*:*:*
ciscosg500-28mpp-cpe:2.3:h:cisco:sg500-28mpp:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	small_business_500_series_stackable_managed_switches_firmware	2.2.5.68	cpe:2.3:o:cisco:small_business_500_series_stackable_managed_switches_firmware:2.2.5.68:::::::*
cisco	small_business_500_series_stackable_managed_switches_firmware	2.3.0.130	cpe:2.3:o:cisco:small_business_500_series_stackable_managed_switches_firmware:2.3.0.130:::::::*
cisco	sf500-24	-	cpe:2.3:h:cisco:sf500-24:-:::::::*
cisco	sf500-24mp	-	cpe:2.3:h:cisco:sf500-24mp:-:::::::*
cisco	sf500-24p	-	cpe:2.3:h:cisco:sf500-24p:-:::::::*
cisco	sf500-48	-	cpe:2.3:h:cisco:sf500-48:-:::::::*
cisco	sf500-48mp	-	cpe:2.3:h:cisco:sf500-48mp:-:::::::*
cisco	sf500-48p	-	cpe:2.3:h:cisco:sf500-48p:-:::::::*
cisco	sg500-28	-	cpe:2.3:h:cisco:sg500-28:-:::::::*
cisco	sg500-28mpp	-	cpe:2.3:h:cisco:sg500-28mpp:-:::::::*

Rows per page:

1-10 of 211

CNA Affected

[
  {
    "product": "Cisco 550X Series Stackable Managed Switches",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Cisco 550X Series Stackable Managed Switches"
      }
    ]
  }
]

References

www.securityfocus.com/bid/103406

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-550x

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:N/I:N/A:C

CVSS3

7.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

AI Score

7.3

Confidence

High

EPSS

0.001

Percentile

43.9%

JSON

Related for CVE-2018-0209