A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software running on certain models of Cisco Catalyst Switches could allow an authenticated, remote attacker to cause a denial of service (DoS) condition, aka a GET MIB Object ID Denial of Service Vulnerability. The vulnerability is due to a condition that could occur when the affected software processes an SNMP read request that contains a request for the ciscoFlashMIB object ID (OID). An attacker could trigger this vulnerability by issuing an SNMP GET request for the ciscoFlashMIB OID on an affected device. A successful exploit could cause the affected device to restart due to a SYS-3-CPUHOG. This vulnerability affects the following Cisco devices if they are running a vulnerable release of Cisco IOS Software and are configured to use SNMP Version 2 (SNMPv2) or SNMP Version 3 (SNMPv3): Cisco Catalyst 2960-L Series Switches, Cisco Catalyst Digital Building Series Switches 8P, Cisco Catalyst Digital Building Series Switches 8U. Cisco Bug IDs: CSCvd89541.
Published 2018-03-28 22:29:01
Updated 2024-07-16 17:24:42
View at NVD,   CVE.org
Vulnerability category: Denial of service

Products affected by CVE-2018-0161

CVE-2018-0161 is in the CISA Known Exploited Vulnerabilities Catalog

CISA vulnerability name:
Cisco IOS Software Resource Management Errors Vulnerability
CISA required action:
Apply updates per vendor instructions.
CISA description:
A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software running on certain models of Cisco Catalyst Switches could allow an authenticated, remote attacker to cause a denial-of-service (DoS) condition.
Notes:
https://nvd.nist.gov/vuln/detail/CVE-2018-0161
Added on 2022-03-03 Action due date 2022-03-17

Exploit prediction scoring system (EPSS) score for CVE-2018-0161

0.40%
Probability of exploitation activity in the next 30 days EPSS Score History
~ 74 %
Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2018-0161

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source First Seen
6.3
MEDIUM AV:N/AC:M/Au:S/C:N/I:N/A:C
6.8
6.9
NIST
6.3
MEDIUM CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H
1.8
4.0
NIST
6.3
MEDIUM CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H
1.8
4.0
NIST 2024-07-16

CWE ids for CVE-2018-0161

  • Assigned by: ykramarz@cisco.com (Secondary)

References for CVE-2018-0161

Jump to
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!