Vulnslist

find the latest Cisco vulnerabilities

Cisco NX-OS Software Authenticated Simple Network Management Protocol Denial of Service Vulnerability

cisco-sa-20180620-nxossnmp · High · Published · Updated

A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco NX-OS Software could allow an authenticated, remote attacker to cause the SNMP application on an affected device to restart unexpectedly. The vulnerability is due to improper validation of SNMP protocol data units (PDUs) in SNMP packets. An attacker could exploit this vulnerability by sending a crafted SNMP packet to an affected device. A successful exploit could allow the attacker to cause the SNMP application to restart multiple times, leading to a system-level restart and a denial of service (DoS) condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nxossnmp This advisory is part of the June 2018 Cisco FXOS and NX-OS Software Security Advisory Collection, which includes 24 Cisco Security Advisories that describe 24 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: June 2018 Cisco FXOS and NX-OS Software Security Advisory Collection.

Cisco advisory ·CSAF JSON

Workarounds

There are no workarounds that address this vulnerability.

As a mitigation for the vulnerability that is described in this advisory, administrators can configure an access control list (ACL) on an SNMP community to filter incoming SNMP requests to ensure that SNMP polling is performed only by trusted SNMP clients. In the following example, the device will accept incoming SNMP requests only from a single trusted host, 192.168.1.2:

switch# show access-list acl_for_snmp
IPV4 ACL acl_for_snmp 10 permit udp 192.168.1.2/32 192.168.1.3/32 eq snmp

To implement the preceding ACL, administrators can add it to the snmp-server community configuration command:

switch# show running-config snmp
!Command: show running-config snmp snmp-server community mycompany use-acl acl_for_snmp

For additional information about configuring ACLs to filter incoming SNMP requests, see Filtering SNMP Requests https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/system_management/b_Cisco_Nexus_5000_Series_NX-OS_System_Management_Configuration_Guide/Cisco_Nexus_5000_Series_NX-OS_System_Management_Configuration_Guide_chapter9.html#task_D3862190751F4B1A9F5353B015A888A7 in the NX-OS Configuration Guide.

CVEsCVE-2018-0291
Cisco Bug IDsCSCuw99630, CSCvj67977, CSCvg71290
CVSS ScoreBase 7.7
Base 7.7 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:X/RL:X/RC:X
Product Names From Source
Cisco Unified Computing System (Managed), Cisco NX-OS Software 5.2(3a), Cisco NX-OS Software 5.2(4), Cisco NX-OS Software 5.2(5), Cisco NX-OS Software 5.2(7), Cisco NX-OS Software 5.2(9), Cisco NX-OS Software 5.2(3), Cisco NX-OS Software 5.2(9a), Cisco NX-OS Software 6.1(1), Cisco NX-OS Software 6.1(2), Cisco NX-OS Software 6.1(3), Cisco NX-OS Software 6.1(4), Cisco NX-OS Software 6.1(4a), Cisco NX-OS Software 6.1(5), Cisco NX-OS Software 6.1(3)S5, Cisco NX-OS Software 6.1(3)S6, Cisco NX-OS Software 6.1(5a), Cisco NX-OS Software 4.2(1)N1(1), Cisco NX-OS Software 4.2(1)N2(1), Cisco NX-OS Software 4.2(1)N2(1a), Cisco NX-OS Software 5.0(2)N1(1), Cisco NX-OS Software 5.0(2)N2(1), Cisco NX-OS Software 5.0(2)N2(1a), Cisco NX-OS Software 5.0(3)N1(1c), Cisco NX-OS Software 5.0(3)N1(1), Cisco NX-OS Software 5.0(3)N1(1a), Cisco NX-OS Software 5.0(3)N1(1b), Cisco NX-OS Software 5.0(3)N2(1), Cisco NX-OS Software 5.0(3)N2(2), Cisco NX-OS Software 5.0(3)N2(2a), Cisco NX-OS Software 5.0(3)N2(2b), Cisco NX-OS Software 5.1(3)N1(1), Cisco NX-OS Software 5.1(3)N1(1a), Cisco NX-OS Software 5.1(3)N2(1), Cisco NX-OS Software 5.1(3)N2(1a), Cisco NX-OS Software 5.1(3)N2(1b), Cisco NX-OS Software 5.1(3)N2(1c), Cisco NX-OS Software 5.2(1)N1(1), Cisco NX-OS Software 5.2(1)N1(1a), Cisco NX-OS Software 5.2(1)N1(1b), Cisco NX-OS Software 5.2(1)N1(2), Cisco NX-OS Software 5.2(1)N1(2a), Cisco NX-OS Software 5.2(1)N1(3), Cisco NX-OS Software 5.2(1)N1(4), Cisco NX-OS Software 5.2(1)N1(5), Cisco NX-OS Software 5.2(1)N1(6), Cisco NX-OS Software 5.2(1)N1(7), Cisco NX-OS Software 5.2(1)N1(8a), Cisco NX-OS Software 5.2(1)N1(8), Cisco NX-OS Software 5.2(1)N1(8b), Cisco NX-OS Software 5.2(1)N1(9), Cisco NX-OS Software 5.2(1)N1(9a), Cisco NX-OS Software 5.2(1)N1(9b), Cisco NX-OS Software 6.0(1), Cisco NX-OS Software 6.0(2), Cisco NX-OS Software 6.0(3), Cisco NX-OS Software 6.0(4), Cisco NX-OS Software 6.0(2)N1(1), Cisco NX-OS Software 6.0(2)N1(2), Cisco NX-OS Software 6.0(2)N1(2a), Cisco NX-OS Software 6.0(2)N2(1), Cisco NX-OS Software 6.0(2)N2(1b), Cisco NX-OS Software 6.0(2)N2(2), Cisco NX-OS Software 6.0(2)N2(3), Cisco NX-OS Software 6.0(2)N2(4), Cisco NX-OS Software 6.0(2)N2(5), Cisco NX-OS Software 6.0(2)N2(5a), Cisco NX-OS Software 6.0(2)N2(6), Cisco NX-OS Software 6.0(2)N2(7), Cisco NX-OS Software 6.1(2)I3(3.78), Cisco NX-OS Software 7.0(3), Cisco NX-OS Software 7.0(2)I2(2c), Cisco NX-OS Software 7.0(2)N1(1a), Cisco NX-OS Software 7.0(6)N1(1c), Cisco NX-OS Software 7.1(0)N1(2), Cisco NX-OS Software 7.1(3)N1(1b), Cisco NX-OS Software 7.3(1)D1(1B), Cisco NX-OS Software 7.3(1)N1(0.1), Cisco NX-OS Software 7.3(2)D1(1A), Cisco NX-OS Software

CSAF Product Statuses

Product Status Source CVE Rows
4.2(1)N1(1) known_affected cisco_csaf CVE-2018-0291 1
4.2(1)N2(1) known_affected cisco_csaf CVE-2018-0291 1
4.2(1)N2(1a) known_affected cisco_csaf CVE-2018-0291 1
5.0(2)N1(1) known_affected cisco_csaf CVE-2018-0291 1
5.0(2)N2(1) known_affected cisco_csaf CVE-2018-0291 1
5.0(2)N2(1a) known_affected cisco_csaf CVE-2018-0291 1
5.0(3)N1(1) known_affected cisco_csaf CVE-2018-0291 1
5.0(3)N1(1a) known_affected cisco_csaf CVE-2018-0291 1
5.0(3)N1(1b) known_affected cisco_csaf CVE-2018-0291 1
5.0(3)N1(1c) known_affected cisco_csaf CVE-2018-0291 1
5.0(3)N2(1) known_affected cisco_csaf CVE-2018-0291 1
5.0(3)N2(2) known_affected cisco_csaf CVE-2018-0291 1

Showing 12 of 79 CSAF status groups; 67 more not shown.

Related Products

Product CVE Evidence
Cisco Firepower Extensible Operating System (FXOS) CVE-2018-0291 Cisco OpenVuln
Cisco NX-OS Software CVE-2018-0291 Cisco OpenVuln
Cisco Unified Computing System (Managed) CVE-2018-0291 Cisco OpenVuln