CVE-2018-0309
7.7
Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Exploitability: 3.1 / Impact: 4.0
Source: NVD
Description
A vulnerability in the implementation of a specific CLI command and the associated Simple Network Management Protocol (SNMP) MIB for Cisco NX-OS (in standalone NX-OS mode) on Cisco Nexus 3000 and 9000 Series Switches could allow an authenticated, remote attacker to exhaust system memory on an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to the incorrect implementation of the CLI command, resulting in a failure to free all allocated memory upon completion. An attacker could exploit this vulnerability by authenticating to the affected device and repeatedly issuing a specific CLI command or sending a specific SNMP poll request for a specific Object Identifier (OID). A successful exploit could allow the attacker to cause the IP routing process to restart or to cause a device reset, resulting in a DoS condition. Cisco Bug IDs: CSCvf23136.
Affected (2)
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Version 7.0(3)i5(2) |
| Running on/with | Platform Versions |
|---|---|
Cisco Nexus 3016 | All versions |
Cisco Nexus 3048 | All versions |
Cisco Nexus 3064 | All versions |
Cisco Nexus 3064 T | All versions |
Cisco Nexus 31108pc V | All versions |
Cisco Nexus 31108tc V | All versions |
Cisco Nexus 31128pq | All versions |
Cisco Nexus 3132q | All versions |
Cisco Nexus 3132q V | All versions |
Cisco Nexus 3132q Xl | All versions |
Cisco Nexus 3164q | All versions |
Cisco Nexus 3172 | All versions |
Cisco Nexus 3172pq Xl | All versions |
Cisco Nexus 3172tq | All versions |
Cisco Nexus 3172tq 32t | All versions |
Cisco Nexus 3172tq Xl | All versions |
Cisco Nexus 3232c | All versions |
Cisco Nexus 3264q | All versions |
Cisco Nexus 9000v | All versions |
Cisco Nexus 92160yc X | All versions |
Cisco Nexus 92300yc | All versions |
Cisco Nexus 92304qc | All versions |
Cisco Nexus 9236c | All versions |
Cisco Nexus 9272q | All versions |
Cisco Nexus 93108tc Ex | All versions |
Cisco Nexus 93120tx | All versions |
Cisco Nexus 93128tx | All versions |
Cisco Nexus 93180lc Ex | All versions |
Cisco Nexus 93180yc Ex | All versions |
Cisco Nexus 9332pq | All versions |
Cisco Nexus 9372px | All versions |
Cisco Nexus 9372px E | All versions |
Cisco Nexus 9372tx | All versions |
Cisco Nexus 9372tx E | All versions |
Cisco Nexus 9396px | All versions |
Cisco Nexus 9396tx | All versions |
Cisco Nexus 9504 | All versions |
Cisco Nexus 9508 | All versions |
Cisco Nexus 9516 | All versions |
References (4)
Source: psirt@cisco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Timeline
No history available yet.