2.3.0.130

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

COMPLETE

network

low complexity

cisco

NVD

Published: 2018-03-08

Updated: 2020-10-22

Summary

A vulnerability in the Simple Network Management Protocol (SNMP) subsystem communication channel through the Cisco 550X Series Stackable Managed Switches could allow an authenticated, remote attacker to cause the device to reload unexpectedly, causing a denial of service (DoS) condition. The device nay need to be manually reloaded to recover. The vulnerability is due to lack of proper input throttling of ingress SNMP traffic over an internal interface. An attacker could exploit this vulnerability by sending a crafted, heavy stream of SNMP traffic to the targeted device. An exploit could allow the attacker to cause the device to reload unexpectedly, causing a DoS condition. Cisco Bug IDs: CSCvg22135.

Vulnerable Configurations

Part	Description	Count
OS	Cisco Cisco Small Business 500 Series Stackable Managed Switches Firmware 2.2.5.68 Cisco Small Business 500 Series Stackable Managed Switches Firmware 2.3.0.130	2
Hardware	Cisco Cisco Sf500 24 - Cisco Sf500 24Mp - Cisco Sf500 24P - Cisco Sf500 48 - Cisco Sf500 48Mp - Cisco Sf500 48P - Cisco Sg500 28 - Cisco Sg500 28Mpp - Cisco Sg500 28P - Cisco Sg500 52 - Cisco Sg500 52Mp - Cisco Sg500 52P - Cisco Sg500X 24 - Cisco Sg500X 24Mpp - Cisco Sg500X 24P - Cisco Sg500X 48 - Cisco Sg500X 48Mp - Cisco Sg500X 48P - Cisco Sg500Xg 8F8T -	19

Summary

Vulnerable Configurations

References