CVE-2018-0456 Details

CVE-2018-0456

Published: 2018-10-17
Last Modified: 2019-10-09
CVE Author: NIST National Vulnerability Database
CVE Assigner: cve@mitre.org
Summary

A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco NX-OS Software could allow an authenticated, remote attacker to cause the SNMP application of an affected device to restart unexpectedly. The vulnerability is due to improper validation of SNMP protocol data units (PDUs) in SNMP packets. An attacker could exploit this vulnerability by sending a crafted SNMP packet to an affected device. A successful exploit could allow the attacker to cause the SNMP application to restart multiple times, leading to a system-level restart and a denial of service (DoS) condition.

Analysis
Common Vulnerability Score System v2.0
Severity Medium
Base Score 6.8/10
Exploit Score 8/10
Access Vector Network
Access Complexity Low
Authentication Single
Impact Score 6.9/10
Confidentiality Impact None
Availability Impact Complete
Integrity Impact None
Vector String AV:N/AC:L/Au:S/C:N/I:N/A:C
Common Vulnerability Score System v3.1
Severity High
Base Score 7.7/10
Exploit Score 3.1/10
Access Vector Network
Access Complexity Low
Privileges Required Low
Impact Score 4/10
Confidentiality Impact None
Availability Impact High
Integrity Impact None
Scope Changed
User Interaction None
Vector String CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Products Reported
CPE Vulnerable Start Excluding
cpe:2.3:o:cisco:nx-os:9.2\(0.43\):*:*:*:*:*:*:* Yes - -
References

http://www.securityfocus.com/bid/105668
http://www.securitytracker.com/id/1041921
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-nxos-snmp

CVE ID
CVE-2018-0456
Published
2018-10-17
Modified
2019-10-09
CVSSv2.0
Medium
CVSSv3.1
High
PCI Compliance
Pass
US-CERT Alert
No
CWE
CWE-20

You never have to pay for a vulnerability scanning and management software again.

Tired of paying a subscription 'per asset' or 'per IP'? Well you can officially cancel your current subscription. Mageni provides a free, open source and enterprise-ready vulnerability scanning and management platform which helps you to find, prioritize, remediate and manage your vulnerabilities.