Cyber Resilience

CVE-2018-0161

MediumCISA KEVActive ExploitationEUVD Exploited

Published: 28 March 2018

Published
28 March 2018
Modified
14 January 2026
KEV Added
03 March 2022
Patch
CVSS Score v3.1 6.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H
EPSS Score 0.0091 76.2th percentile
Risk Priority 33 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2018-0161 is a medium-severity an unspecified weakness vulnerability in Cisco Ios. Its CVSS base score is 6.3 (Medium).

Operationally, ranked in the top 23.8% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and AC-6 (Least Privilege).

Deeper analysis

A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software on specific Catalyst switch models allows an authenticated remote attacker to trigger a denial of service condition. The flaw, tracked as CSCvd89541 and described as a GET MIB Object ID Denial of Service Vulnerability, occurs when the software processes an SNMP read request containing the ciscoFlashMIB object identifier. Affected devices include Cisco Catalyst 2960-L Series Switches and Cisco Catalyst Digital Building Series Switches (8P and 8U models) running vulnerable IOS releases and configured for SNMPv2 or SNMPv3.

An attacker with valid SNMP credentials can exploit the issue by issuing a crafted SNMP GET request for the ciscoFlashMIB OID. Successful exploitation causes the device to experience a SYS-3-CPUHOG condition and restart, producing a denial of service. The CVSS 3.1 score of 6.3 reflects the need for low-privileged network access combined with high attack complexity and a scope change affecting availability.

The referenced Cisco Security Advisory (cisco-sa-20180328-snmp) and associated security trackers provide details on vulnerable software releases along with recommended mitigation steps, including software updates that address the SNMP processing flaw. No information on observed in-the-wild exploitation is supplied in the source data.

EU & UK References

Vulnerability details

A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software running on certain models of Cisco Catalyst Switches could allow an authenticated, remote attacker to cause a denial of service (DoS) condition, aka a GET MIB…

more

Object ID Denial of Service Vulnerability. The vulnerability is due to a condition that could occur when the affected software processes an SNMP read request that contains a request for the ciscoFlashMIB object ID (OID). An attacker could trigger this vulnerability by issuing an SNMP GET request for the ciscoFlashMIB OID on an affected device. A successful exploit could cause the affected device to restart due to a SYS-3-CPUHOG. This vulnerability affects the following Cisco devices if they are running a vulnerable release of Cisco IOS Software and are configured to use SNMP Version 2 (SNMPv2) or SNMP Version 3 (SNMPv3): Cisco Catalyst 2960-L Series Switches, Cisco Catalyst Digital Building Series Switches 8P, Cisco Catalyst Digital Building Series Switches 8U. Cisco Bug IDs: CSCvd89541.

CWE(s)
KEV Date Added
03 March 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

cisco
ios
15.2\(5\)e

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly addresses the root cause by requiring installation of the vendor patch that fixes the ciscoFlashMIB OID processing flaw in IOS.

prevent

Limits SNMP user privileges so that even authenticated accounts cannot issue arbitrary GET requests against sensitive OIDs such as ciscoFlashMIB.

prevent

Enforces disabling SNMPv2/v3 or restricting allowed MIB views on the affected Catalyst switches, eliminating the attack vector entirely.

References