CVE-2018-0209

HIGH

Cisco Small Business 500 Series Stackable Managed Switches Firmware - Denial of Service via SNMP Traffic Flood

Title source: llm

Description

A vulnerability in the Simple Network Management Protocol (SNMP) subsystem communication channel through the Cisco 550X Series Stackable Managed Switches could allow an authenticated, remote attacker to cause the device to reload unexpectedly, causing a denial of service (DoS) condition. The device may need to be manually reloaded to recover. The vulnerability is due to lack of proper input throttling of ingress SNMP traffic over an internal interface. An attacker could exploit this vulnerability by sending a crafted, heavy stream of SNMP traffic to the targeted device. An exploit could allow the attacker to cause the device to reload unexpectedly, causing a DoS condition. Cisco Bug IDs: CSCvg22135.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/103406

Scores

CVSS v3 7.7
EPSS 0.0165
EPSS Percentile 73.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-119
Status published
Products (2)
cisco/small_business_500_series_stackable_managed_switches_firmware 2.2.5.68
cisco/small_business_500_series_stackable_managed_switches_firmware 2.3.0.130
Published Mar 08, 2018
Tracked Since Feb 18, 2026