CVE-2018-0299

Summary

CVE	CVE-2018-0299
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2018-06-21 11:29:00 UTC
Updated	2019-10-09 23:31:00 UTC
Description	A vulnerability in the Simple Network Management Protocol (SNMP) feature of Cisco NX-OS on the Cisco Nexus 4000 Series Switch could allow an authenticated, remote attacker to cause the device to unexpectedly reload, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete validation of an SNMP poll request for a specific MIB. An attacker could exploit this vulnerability by sending a specific SNMP poll request to the targeted device. An exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. Cisco Bug IDs: CSCvg10442.

Risk And Classification

Problem Types: CWE-20

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Hardware	Cisco	Nexus 4001i	-	All	All	All
Hardware	Cisco	Nexus 4001i	-	All	All	All
Operating System	Cisco	Nx-os	4.1(2)e1(1r)	All	All	All
Operating System	Cisco	Nx-os	4.1\(2\)e1\(1r\)	All	All	All
Operating System	Cisco	Nx-os	4.1\(2\)e1\(1r\)	All	All	All

References

Reference	Source	Link	Tags
Cisco Nexus 4000 Series Switch Simple Network Management Protocol Polling Denial of Service Vulnerability	CONFIRM	tools.cisco.com	Vendor Advisory
Cisco NX-OS Multiple Bugs Let Remote Users Deny Service and Execute Arbitrary Code and Let Remote Authenticated Users Gain Elevated Privileges - SecurityTracker	SECTRACK	www.securitytracker.com	Third Party Advisory, VDB Entry
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.