VDB

CVE-2018-0309

CVE-2018-0309 PUBLISHED CVSS 6.800000190734863 MEDIUM

A vulnerability in the implementation of a specific CLI command and the associated Simple Network Management Protocol (SNMP) MIB for Cisco NX-OS (in standalone NX-OS mode) on Cisco Nexus 3000 and 9000 Series Switches could allow an authenticated, remote attacker to exhaust system memory on an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to the incorrect implementation of the CLI command, resulting in a failure to free all allocated memory upon completion. An attacker could exploit this vulnerability by authenticating to the affected device and repeatedly issuing a specific CLI command or sending a specific SNMP poll request for a specific Object Identifier (OID). A successful exploit could allow the attacker to cause the IP routing process to restart or to cause a device reset, resulting in a DoS condition. Cisco Bug IDs: CSCvf23136.

EPSS 1.02% · 77.6th percentile

Risk Scores

CVSS 2.0
6.800000190734863
EPSS Score
1.02%
77.6th percentile

Affected Products

VendorProductVersions
cisconx-os7.0\(3\)i5\(2\), *
n/aCisco Nexus 3000 and 9000 unknown*

Exploit Intelligence

Timeline

  • Jun 21, 2018 CVE Published
  • Apr 14, 2021 EPSS Score
  • Jun 23, 2021 EPSS Score
  • Aug 24, 2021 EPSS Score
  • Oct 26, 2021 EPSS Score
  • Feb 28, 2022 EPSS Score
  • May 2, 2022 EPSS Score
  • Jul 3, 2022 EPSS Score
  • Sep 5, 2022 EPSS Score
  • Nov 6, 2022 EPSS Score
  • Jan 8, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score

References

…and 6 more

Open in Interactive Console →
$ Console Community · 100/wk Open console ›