CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:N/I:N/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
43.9%
A vulnerability in the implementation of a specific CLI command and the associated Simple Network Management Protocol (SNMP) MIB for Cisco NX-OS (in standalone NX-OS mode) on Cisco Nexus 3000 and 9000 Series Switches could allow an authenticated, remote attacker to exhaust system memory on an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to the incorrect implementation of the CLI command, resulting in a failure to free all allocated memory upon completion. An attacker could exploit this vulnerability by authenticating to the affected device and repeatedly issuing a specific CLI command or sending a specific SNMP poll request for a specific Object Identifier (OID). A successful exploit could allow the attacker to cause the IP routing process to restart or to cause a device reset, resulting in a DoS condition. Cisco Bug IDs: CSCvf23136.
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | nx-os | 7.0(3)i5(2) | cpe:2.3:o:cisco:nx-os:7.0\(3\)i5\(2\):*:*:*:*:*:*:* |
cisco | nx-os | 7.0(3)i6(1) | cpe:2.3:o:cisco:nx-os:7.0\(3\)i6\(1\):*:*:*:*:*:*:* |
cisco | nexus_3016 | - | cpe:2.3:h:cisco:nexus_3016:-:*:*:*:*:*:*:* |
cisco | nexus_3048 | - | cpe:2.3:h:cisco:nexus_3048:-:*:*:*:*:*:*:* |
cisco | nexus_3064 | - | cpe:2.3:h:cisco:nexus_3064:-:*:*:*:*:*:*:* |
cisco | nexus_3064-t | - | cpe:2.3:h:cisco:nexus_3064-t:-:*:*:*:*:*:*:* |
cisco | nexus_31108pc-v | - | cpe:2.3:h:cisco:nexus_31108pc-v:-:*:*:*:*:*:*:* |
cisco | nexus_31108tc-v | - | cpe:2.3:h:cisco:nexus_31108tc-v:-:*:*:*:*:*:*:* |
cisco | nexus_31128pq | - | cpe:2.3:h:cisco:nexus_31128pq:-:*:*:*:*:*:*:* |
cisco | nexus_3132q | - | cpe:2.3:h:cisco:nexus_3132q:-:*:*:*:*:*:*:* |
[
{
"product": "Cisco Nexus 3000 and 9000 unknown",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Cisco Nexus 3000 and 9000 unknown"
}
]
}
]
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:N/I:N/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
43.9%