Executive Summary
Summary | |
---|---|
Title | Cisco NX-OS Software SNMP Packet Denial of Service Vulnerability |
Informations | |||
---|---|---|---|
Name | cisco-sa-20160302-n5ksnmp | First vendor Publication | 2016-03-02 |
Vendor | Cisco | Last vendor Modification | 2016-03-02 |
Severity (Vendor) | N/A | Revision | 1.0 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.8 | Attack Range | Network |
Cvss Impact Score | 6.9 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco Nexus 5500 Platform Switches, Cisco Nexus 5600 Platform Switches, and Cisco Nexus 6000 Series Switches running Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause the SNMP application on an affected device to restart unexpectedly. The vulnerability is due to improper validation of SNMP Protocol Data Units (PDUs) in SNMP packets. An attacker could exploit this vulnerability by sending a crafted SNMP packet to an affected device, which could cause the SNMP application on the device to restart. A successful exploit could allow the attacker to cause the SNMP application to restart multiple times, leading to a system-level restart and a denial of service (DoS) condition. Cisco released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-n5ksnmp BEGIN PGP SIGNATURE Version: GnuPG v1.4.5 (SunOS) iQIVAwUBVs+jWq89gD3EAJB5AQJDDxAAxdSHqJnWU8J8e4u7aN4xYyuAg3hvZp4J qrIpHMxuQW9kS9PBnzlvj2Z5zLhzxgzx5tJaiRmV9eMey/j4J1KIzPIi4eMa2w6o oFhN9Tla+ZuiqvTVuCF0swYEBRV6YHUXUoTEHuy9MMfmqJSu9L5bY/ESf0yLDDgT zyDp7BQ++v6FMjSf9VKDhuj1X3+dwHWqKZGaanTS+v7t1kfGz778vNGFhGB08L3c Ty3nL601bIfg2BDkFfPcd+BI3nG4RT85JmjA7fx+/xXuUw8GMfcUnwuw8Ym5R3l2 +9pW9Lx/PIh8lIRPTVS1Q6+TpBglBTfJV7IXZ+0nciCpa0VnQEhddwtk1fQ/cNHZ 0qYxIwbPHtPhT09V5JL82bn8xowhLGpdn+Kv/ZW1JOq5CYq5OYUOb6hu4DxpXggU wIVhpeQKxyaivYfjGMz5u8TD/LEVrq6vWSkt15SLXhZzSNyioRm5VrmPIRMwG7Xr fY4kcLNWku1m9zstiN1rwkBwFcJhvUn2Ny9Ug7UF/frE3CbSBiCJyCW8ucnKe5t6 lUsyJXT9kUYXT5oLTv62JTASuaRByer5svS+m7iDr2WXqumTgOQVYz648XHJ8k3n wMBpEFicSoEo+B7g12vQOHKB7FOsFpkyxvvOJ89X3ri8oDuzhPfUNhH3nq2EXlAt Vuy5i209RlQ= =zzHr END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com |
Original Source
Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...) |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-20 | Improper Input Validation |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Os | 1 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-03-09 | Name : The remote device is missing a vendor-supplied security patch. File : cisco-sa-20160302-n5ksnmp-nxos.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2016-03-19 09:28:53 |
|
2016-03-10 13:25:20 |
|
2016-03-03 00:24:55 |
|
2016-03-03 00:20:31 |
|