Sign-up

ID

VAR-201803-1588


CVE

CVE-2018-0209


TITLE

Cisco 550X Series Stackable Managed Switches Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-002676

DESCRIPTION

A vulnerability in the Simple Network Management Protocol (SNMP) subsystem communication channel through the Cisco 550X Series Stackable Managed Switches could allow an authenticated, remote attacker to cause the device to reload unexpectedly, causing a denial of service (DoS) condition. The device nay need to be manually reloaded to recover. The vulnerability is due to lack of proper input throttling of ingress SNMP traffic over an internal interface. An attacker could exploit this vulnerability by sending a crafted, heavy stream of SNMP traffic to the targeted device. An exploit could allow the attacker to cause the device to reload unexpectedly, causing a DoS condition. Cisco Bug IDs: CSCvg22135. Cisco 550X Series Stackable Managed Switches Contains an input validation vulnerability. Vendors have confirmed this vulnerability Bug ID CSCvg22135 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. The Cisco 550XSeries StackableManagedSwitches is a 550X series gateway product from Cisco. A denial of service vulnerability exists in the SNMP subsystem communication channel in Cisco550XSeriesStackableManagedSwitches

Trust: 2.52

sources: NVD: CVE-2018-0209 // JVNDB: JVNDB-2018-002676 // CNVD: CNVD-2018-06469 // BID: 103406 // VULHUB: VHN-118411

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-06469

AFFECTED PRODUCTS

vendor:ciscomodel:small business 500 series stackable managed switchesscope:eqversion:2.2.5.68

Trust: 1.6

vendor:ciscomodel:small business 500 series stackable managed switchesscope:eqversion:2.3.0.130

Trust: 1.6

vendor:ciscomodel:550x series stackable managed switchscope: - version: -

Trust: 0.8

vendor:ciscomodel:series stackable managed switchesscope:eqversion:550x

Trust: 0.6

vendor:ciscomodel:series stackable managed switchesscope:eqversion:550x2.3.0.130

Trust: 0.3

vendor:ciscomodel:series stackable managed switchesscope:eqversion:550x2.2.5.68

Trust: 0.3

sources: CNVD: CNVD-2018-06469 // BID: 103406 // JVNDB: JVNDB-2018-002676 // CNNVD: CNNVD-201803-258 // NVD: CVE-2018-0209

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0209
value: HIGH

Trust: 1.0

NVD: CVE-2018-0209
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-06469
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201803-258
value: HIGH

Trust: 0.6

VULHUB: VHN-118411
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-0209
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-06469
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-118411
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0209
baseSeverity: HIGH
baseScore: 7.7
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.1
impactScore: 4.0
version: 3.1

Trust: 1.0

NVD: CVE-2018-0209
baseSeverity: HIGH
baseScore: 7.7
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2018-06469 // VULHUB: VHN-118411 // JVNDB: JVNDB-2018-002676 // CNNVD: CNNVD-201803-258 // NVD: CVE-2018-0209

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.0

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-20

Trust: 0.9

sources: VULHUB: VHN-118411 // JVNDB: JVNDB-2018-002676 // NVD: CVE-2018-0209

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201803-258

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201803-258

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-002676

PATCH
title:cisco-sa-20180307-550xurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-550x
Trust: 0.8
title:Patch for Cisco 550XSNMP Denial of Service Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/123461
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-06469 // 
            
            
            
            JVNDB: JVNDB-2018-002676

EXTERNAL IDS
db:NVDid:CVE-2018-0209
Trust: 3.4
db:BIDid:103406
Trust: 2.6
db:JVNDBid:JVNDB-2018-002676
Trust: 0.8
db:CNNVDid:CNNVD-201803-258
Trust: 0.7
db:CNVDid:CNVD-2018-06469
Trust: 0.6
db:VULHUBid:VHN-118411
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-06469 // 
            
            
            
            VULHUB: VHN-118411 // 
            
            
            
            BID: 103406 // 
            
            
            
            JVNDB: JVNDB-2018-002676 // 
            
            
            
            CNNVD: CNNVD-201803-258 // 
            
            
            
            NVD: CVE-2018-0209

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180307-550x
Trust: 2.6
url:http://www.securityfocus.com/bid/103406
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0209
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0209
Trust: 0.8
url:http://www.cisco.com/en/us/products/ps5845/index.html
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2018-06469 // 
            
            
            
            VULHUB: VHN-118411 // 
            
            
            
            BID: 103406 // 
            
            
            
            JVNDB: JVNDB-2018-002676 // 
            
            
            
            CNNVD: CNNVD-201803-258 // 
            
            
            
            NVD: CVE-2018-0209

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 103406

SOURCES
db:CNVDid:CNVD-2018-06469
db:VULHUBid:VHN-118411
db:BIDid:103406
db:JVNDBid:JVNDB-2018-002676
db:CNNVDid:CNNVD-201803-258
db:NVDid:CVE-2018-0209

LAST UPDATE DATE
2024-11-23T21:53:19.958000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-06469date:2018-03-27T00:00:00
db:VULHUBid:VHN-118411date:2020-10-22T00:00:00
db:BIDid:103406date:2018-03-07T00:00:00
db:JVNDBid:JVNDB-2018-002676date:2018-04-24T00:00:00
db:CNNVDid:CNNVD-201803-258date:2020-10-23T00:00:00
db:NVDid:CVE-2018-0209date:2024-11-21T03:37:44.227

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-06469date:2018-03-27T00:00:00
db:VULHUBid:VHN-118411date:2018-03-08T00:00:00
db:BIDid:103406date:2018-03-07T00:00:00
db:JVNDBid:JVNDB-2018-002676date:2018-04-24T00:00:00
db:CNNVDid:CNNVD-201803-258date:2018-03-09T00:00:00
db:NVDid:CVE-2018-0209date:2018-03-08T07:29:00.533