CVE-2018-0309

A vulnerability in the implementation of a specific CLI command and the associated Simple Network Management Protocol (SNMP) MIB for Cisco NX-OS (in standalone NX-OS mode) on Cisco Nexus 3000 and 9000 Series Switches could allow an authenticated, remote attacker to exhaust system memory on an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to the incorrect implementation of the CLI command, resulting in a failure to free all allocated memory upon completion. An attacker could exploit this vulnerability by authenticating to the affected device and repeatedly issuing a specific CLI command or sending a specific SNMP poll request for a specific Object Identifier (OID). A successful exploit could allow the attacker to cause the IP routing process to restart or to cause a device reset, resulting in a DoS condition. Cisco Bug IDs: CSCvf23136.

Published: 2018-06-21 11:29

Updated: 2019-10-09 23:31

CVSS Score: 6.8 / 10
| Vendor | Product | Version | URI |
|---|---|---|---|
| Cisco | Nx-os | 7.0(3)i5(2) | cpe:/o:cisco:nx-os:7.0%283%29i5%282%29 |
| Cisco | Nx-os | 7.0(3)i6(1) | cpe:/o:cisco:nx-os:7.0%283%29i6%281%29 |

CWE

| ID | Name | Description |
|---|---|---|
| CWE-400 | Uncontrolled Resource Consumption ('Resource Exhaustion') | The software does not properly restrict the size or amount of resources that are requested or influenced by an actor, which can be used to consume more resources than intended. |

History of changes

| Date | Event |
|---|---|
| 2018-08-20 20:16 | |
| 2018-06-24 01:29 | |
| 2018-06-21 11:29 | New CVE |