CVE-2018-0160

Summary

CVE	CVE-2018-0160
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2018-03-28 22:29:00 UTC
Updated	2019-10-09 23:31:00 UTC
Description	A vulnerability in Simple Network Management Protocol (SNMP) subsystem of Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper management of memory resources, referred to as a double free. An attacker could exploit this vulnerability by sending crafted SNMP packets to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. To exploit this vulnerability via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for an affected system. To exploit this vulnerability via SNMP Version 3, the attacker must know the user credentials for the affected system. This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS XE Software, have been configured to be queried over SNMP, and have Network Address Translation (NAT) enabled. Cisco Bug IDs: CSCve75818.

Risk And Classification

Problem Types: CWE-415

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Hardware	Cisco	Asr 901-12c-f-d	-	All	All	All
Hardware	Cisco	Asr 901-12c-f-d	-	All	All	All
Hardware	Cisco	Asr 901-12c-ft-d	-	All	All	All
Hardware	Cisco	Asr 901-12c-ft-d	-	All	All	All
Hardware	Cisco	Asr 901-4c-f-d	-	All	All	All
Hardware	Cisco	Asr 901-4c-f-d	-	All	All	All
Hardware	Cisco	Asr 901-4c-ft-d	-	All	All	All
Hardware	Cisco	Asr 901-4c-ft-d	-	All	All	All
Hardware	Cisco	Asr 901-6cz-f-a	-	All	All	All
Hardware	Cisco	Asr 901-6cz-f-a	-	All	All	All
Hardware	Cisco	Asr 901-6cz-f-d	-	All	All	All
Hardware	Cisco	Asr 901-6cz-f-d	-	All	All	All
Hardware	Cisco	Asr 901-6cz-fs-a	-	All	All	All
Hardware	Cisco	Asr 901-6cz-fs-a	-	All	All	All
Hardware	Cisco	Asr 901-6cz-fs-d	-	All	All	All
Hardware	Cisco	Asr 901-6cz-fs-d	-	All	All	All
Hardware	Cisco	Asr 901-6cz-ft-a	-	All	All	All
Hardware	Cisco	Asr 901-6cz-ft-a	-	All	All	All
Hardware	Cisco	Asr 901-6cz-ft-d	-	All	All	All
Hardware	Cisco	Asr 901-6cz-ft-d	-	All	All	All
Hardware	Cisco	Asr 901s-2sg-f-ah	-	All	All	All
Hardware	Cisco	Asr 901s-2sg-f-ah	-	All	All	All
Hardware	Cisco	Asr 901s-2sg-f-d	-	All	All	All
Hardware	Cisco	Asr 901s-2sg-f-d	-	All	All	All
Hardware	Cisco	Asr 901s-3sg-f-ah	-	All	All	All
Hardware	Cisco	Asr 901s-3sg-f-ah	-	All	All	All
Hardware	Cisco	Asr 901s-3sg-f-d	-	All	All	All
Hardware	Cisco	Asr 901s-3sg-f-d	-	All	All	All
Hardware	Cisco	Asr 901s-4sg-f-d	-	All	All	All
Hardware	Cisco	Asr 901s-4sg-f-d	-	All	All	All
Operating System	Cisco	Ios Xe	15.5(3)s	All	All	All
Operating System	Cisco	Ios Xe	15.5\(3\)s	All	All	All
Operating System	Cisco	Ios Xe	15.5\(3\)s	All	All	All
Hardware	Cisco	Me 3600x-24cx-m	-	All	All	All
Hardware	Cisco	Me 3600x-24cx-m	-	All	All	All
Hardware	Cisco	Me 3600x-24fs-m	-	All	All	All
Hardware	Cisco	Me 3600x-24fs-m	-	All	All	All
Hardware	Cisco	Me 3600x-24ts-m	-	All	All	All
Hardware	Cisco	Me 3600x-24ts-m	-	All	All	All
Hardware	Cisco	Me 3800x-24fs-m	-	All	All	All
Hardware	Cisco	Me 3800x-24fs-m	-	All	All	All

References

Reference	Source	Link	Tags
Cisco IOS XE SNMP Memory Management Error Lets Remote Authenticated Users Cause the Target System to Reload - SecurityTracker	SECTRACK	www.securitytracker.com	Third Party Advisory, VDB Entry
Cisco IOS XE Software CVE-2018-0160 Denial of Service Vulnerability	BID	www.securityfocus.com	Third Party Advisory, VDB Entry
Cisco IOS XE Software Simple Network Management Protocol Double-Free Denial of Service Vulnerability	CONFIRM	tools.cisco.com	Mitigation, Vendor Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.