A vulnerability in the implementation of a specific CLI command and the associated Simple Network Management Protocol (SNMP) MIB for Cisco NX-OS (in standalone NX-OS mode) on Cisco Nexus 3000 and 9000 Series Switches could allow an authenticated, remote attacker to exhaust system memory on an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to the incorrect implementation of the CLI command, resulting in a failure to free all allocated memory upon completion. An attacker could exploit this vulnerability by authenticating to the affected device and repeatedly issuing a specific CLI command or sending a specific SNMP poll request for a specific Object Identifier (OID). A successful exploit could allow the attacker to cause the IP routing process to restart or to cause a device reset, resulting in a DoS condition. Cisco Bug IDs: CSCvf23136.
References
Link | Resource |
---|---|
http://www.securitytracker.com/id/1041169 | Third Party Advisory VDB Entry |
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-n3k-n9k-clisnmp | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
No history.
Information
Published : 2018-06-21 11:29
Updated : 2024-02-28 16:25
NVD link : CVE-2018-0309
Mitre link : CVE-2018-0309
CVE.ORG link : CVE-2018-0309
JSON object : View
Products Affected
cisco
- nexus_3172tq-32t
- nexus_3132q-xl
- nexus_9332pq
- nexus_31108tc-v
- nexus_31108pc-v
- nexus_9272q
- nexus_9372px-e
- nexus_9396tx
- nexus_3172pq-xl
- nexus_9372tx
- nexus_3172tq
- nexus_9516
- nexus_9236c
- nexus_93128tx
- nexus_92300yc
- nexus_3264q
- nexus_3132q-v
- nexus_3048
- nx-os
- nexus_3064
- nexus_3172tq-xl
- nexus_9508
- nexus_3232c
- nexus_9504
- nexus_3064-t
- nexus_9000v
- nexus_93120tx
- nexus_93180lc-ex
- nexus_92304qc
- nexus_93180yc-ex
- nexus_9396px
- nexus_9372tx-e
- nexus_3132q
- nexus_31128pq
- nexus_92160yc-x
- nexus_93108tc-ex
- nexus_3016
- nexus_3164q
- nexus_9372px
- nexus_3172
CWE
CWE-400
Uncontrolled Resource Consumption