Sign-up

ID

VAR-201803-1380


CVE

CVE-2018-0161


TITLE

Cisco IOS Software resource management vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-003519

DESCRIPTION

A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software running on certain models of Cisco Catalyst Switches could allow an authenticated, remote attacker to cause a denial of service (DoS) condition, aka a GET MIB Object ID Denial of Service Vulnerability. The vulnerability is due to a condition that could occur when the affected software processes an SNMP read request that contains a request for the ciscoFlashMIB object ID (OID). An attacker could trigger this vulnerability by issuing an SNMP GET request for the ciscoFlashMIB OID on an affected device. A successful exploit could cause the affected device to restart due to a SYS-3-CPUHOG. This vulnerability affects the following Cisco devices if they are running a vulnerable release of Cisco IOS Software and are configured to use SNMP Version 2 (SNMPv2) or SNMP Version 3 (SNMPv3): Cisco Catalyst 2960-L Series Switches, Cisco Catalyst Digital Building Series Switches 8P, Cisco Catalyst Digital Building Series Switches 8U. Cisco Bug IDs: CSCvd89541. Cisco IOS The software contains a resource management vulnerability. Vendors have confirmed this vulnerability Cisco Bug ID : CSCvd89541 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. are all switching devices of Cisco (Cisco). Simple Network Management Protocol (SNMP) subsystem is one of the simple network management subsystems used for network device management information exchange

Trust: 2.61

sources: NVD: CVE-2018-0161 // JVNDB: JVNDB-2018-003519 // CNVD: CNVD-2018-08473 // BID: 103573 // VULHUB: VHN-118363 // VULMON: CVE-2018-0161

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-08473

AFFECTED PRODUCTS

vendor:ciscomodel:iosscope:eqversion:15.2\(5\)e

Trust: 1.6

vendor:ciscomodel:iosscope: - version: -

Trust: 1.4

vendor:ciscomodel:ios 15.2 escope: - version: -

Trust: 0.3

vendor:ciscomodel:iosscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:catalyst digital building series switches 8uscope:eqversion:??0

Trust: 0.3

vendor:ciscomodel:catalyst digital building series switches 8pscope:eqversion:??0

Trust: 0.3

vendor:ciscomodel:catalyst 2960-l series switchesscope:eqversion:0

Trust: 0.3

sources: CNVD: CNVD-2018-08473 // BID: 103573 // JVNDB: JVNDB-2018-003519 // CNNVD: CNNVD-201803-1029 // NVD: CVE-2018-0161

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0161
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-0161
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2018-08473
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201803-1029
value: MEDIUM

Trust: 0.6

VULHUB: VHN-118363
value: MEDIUM

Trust: 0.1

VULMON: CVE-2018-0161
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-0161
severity: MEDIUM
baseScore: 6.3
vectorString: AV:N/AC:M/AU:S/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.8
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2018-08473
severity: MEDIUM
baseScore: 6.3
vectorString: AV:N/AC:M/AU:S/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.8
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-118363
severity: MEDIUM
baseScore: 6.3
vectorString: AV:N/AC:M/AU:S/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.8
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0161
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 4.0
version: 3.1

Trust: 1.0

NVD: CVE-2018-0161
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2018-08473 // VULHUB: VHN-118363 // VULMON: CVE-2018-0161 // JVNDB: JVNDB-2018-003519 // CNNVD: CNNVD-201803-1029 // NVD: CVE-2018-0161

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.9

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: VULHUB: VHN-118363 // JVNDB: JVNDB-2018-003519 // NVD: CVE-2018-0161

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201803-1029

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201803-1029

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-003519

PATCH
title:cisco-sa-20180328-snmpurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-snmp
Trust: 0.8
title:Patch for Cisco IOS Software Denial of Service Vulnerability (CNVD-2018-08473)url:https://www.cnvd.org.cn/patchInfo/show/127483
Trust: 0.6
title:Multiple Cisco product Cisco IOS Software Simple Network Management Protocol Fixes for Subsystem Resource Management Error Vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79497
Trust: 0.6
title:Cisco: Cisco IOS Software Simple Network Management Protocol GET MIB Object ID Denial of Service Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20180328-snmp
Trust: 0.1
title:Known Exploited Vulnerabilities Detectorurl:https://github.com/Ostorlab/KEV 
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-08473 // 
            
            
            
            VULMON: CVE-2018-0161 // 
            
            
            
            JVNDB: JVNDB-2018-003519 // 
            
            
            
            CNNVD: CNNVD-201803-1029

EXTERNAL IDS
db:NVDid:CVE-2018-0161
Trust: 3.5
db:BIDid:103573
Trust: 2.1
db:SECTRACKid:1040589
Trust: 1.8
db:JVNDBid:JVNDB-2018-003519
Trust: 0.8
db:CNNVDid:CNNVD-201803-1029
Trust: 0.7
db:CNVDid:CNVD-2018-08473
Trust: 0.6
db:VULHUBid:VHN-118363
Trust: 0.1
db:VULMONid:CVE-2018-0161
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-08473 // 
            
            
            
            VULHUB: VHN-118363 // 
            
            
            
            VULMON: CVE-2018-0161 // 
            
            
            
            BID: 103573 // 
            
            
            
            JVNDB: JVNDB-2018-003519 // 
            
            
            
            CNNVD: CNNVD-201803-1029 // 
            
            
            
            NVD: CVE-2018-0161

REFERENCES
url:http://www.securityfocus.com/bid/103573
Trust: 2.5
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180328-snmp
Trust: 2.2
url:http://www.securitytracker.com/id/1040589
Trust: 1.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0161
Trust: 1.4
url:http://www.cisco.com/c/en/us/products/ios-nx-os-software/ios-xe/index.html
Trust: 0.9
url:https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
Trust: 0.9
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0161
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://github.com/ostorlab/kev
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-08473 // 
            
            
            
            VULHUB: VHN-118363 // 
            
            
            
            VULMON: CVE-2018-0161 // 
            
            
            
            BID: 103573 // 
            
            
            
            JVNDB: JVNDB-2018-003519 // 
            
            
            
            CNNVD: CNNVD-201803-1029 // 
            
            
            
            NVD: CVE-2018-0161

CREDITS
Cisco
Trust: 0.9
sources:
            
            
            BID: 103573 // 
            
            
            
            CNNVD: CNNVD-201803-1029

SOURCES
db:CNVDid:CNVD-2018-08473
db:VULHUBid:VHN-118363
db:VULMONid:CVE-2018-0161
db:BIDid:103573
db:JVNDBid:JVNDB-2018-003519
db:CNNVDid:CNNVD-201803-1029
db:NVDid:CVE-2018-0161

LAST UPDATE DATE
2024-11-23T22:45:25.246000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-08473date:2018-04-26T00:00:00
db:VULHUBid:VHN-118363date:2019-10-03T00:00:00
db:VULMONid:CVE-2018-0161date:2019-10-03T00:00:00
db:BIDid:103573date:2018-03-28T00:00:00
db:JVNDBid:JVNDB-2018-003519date:2018-05-25T00:00:00
db:CNNVDid:CNNVD-201803-1029date:2019-10-23T00:00:00
db:NVDid:CVE-2018-0161date:2024-11-21T03:37:38.320

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-08473date:2018-04-26T00:00:00
db:VULHUBid:VHN-118363date:2018-03-28T00:00:00
db:VULMONid:CVE-2018-0161date:2018-03-28T00:00:00
db:BIDid:103573date:2018-03-28T00:00:00
db:JVNDBid:JVNDB-2018-003519date:2018-05-25T00:00:00
db:CNNVDid:CNNVD-201803-1029date:2018-03-29T00:00:00
db:NVDid:CVE-2018-0161date:2018-03-28T22:29:00.703