{"containers": {"cna": {"affected": [{"product": "Cisco IOS XE", "vendor": "n/a", "versions": [{"status": "affected", "version": "Cisco IOS XE"}]}], "datePublic": "2018-03-28T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "A vulnerability in Simple Network Management Protocol (SNMP) subsystem of Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper management of memory resources, referred to as a double free. An attacker could exploit this vulnerability by sending crafted SNMP packets to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. To exploit this vulnerability via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for an affected system. To exploit this vulnerability via SNMP Version 3, the attacker must know the user credentials for the affected system. This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS XE Software, have been configured to be queried over SNMP, and have Network Address Translation (NAT) enabled. Cisco Bug IDs: CSCve75818."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-415", "description": "CWE-415", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-04-03T09:57:01.000Z", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "103575", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/103575"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-snmp-dos"}, {"name": "1040584", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1040584"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2018-0160", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cisco IOS XE", "version": {"version_data": [{"version_value": "Cisco IOS XE"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in Simple Network Management Protocol (SNMP) subsystem of Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper management of memory resources, referred to as a double free. An attacker could exploit this vulnerability by sending crafted SNMP packets to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. To exploit this vulnerability via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for an affected system. To exploit this vulnerability via SNMP Version 3, the attacker must know the user credentials for the affected system. This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS XE Software, have been configured to be queried over SNMP, and have Network Address Translation (NAT) enabled. Cisco Bug IDs: CSCve75818."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-415"}]}]}, "references": {"reference_data": [{"name": "103575", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103575"}, {"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-snmp-dos", "refsource": "CONFIRM", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-snmp-dos"}, {"name": "1040584", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040584"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T03:14:16.861Z"}, "title": "CVE Program Container", "references": [{"name": "103575", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/103575"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-snmp-dos"}, {"name": "1040584", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1040584"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-12-02T18:54:22.355800Z", "id": "CVE-2018-0160", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-02T20:55:06.631Z"}}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2018-0160", "datePublished": "2018-03-28T22:00:00.000Z", "dateReserved": "2017-11-27T00:00:00.000Z", "dateUpdated": "2024-12-02T20:55:06.631Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.securityfocus.com/bid/103575", "name": "103575", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"]}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-snmp-dos", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "http://www.securitytracker.com/id/1040584", "name": "1040584", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T03:14:16.861Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2018-0160", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-12-02T18:54:22.355800Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-02T18:59:20.921Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "Cisco IOS XE", "versions": [{"status": "affected", "version": "Cisco IOS XE"}]}], "datePublic": "2018-03-28T00:00:00.000Z", "references": [{"url": "http://www.securityfocus.com/bid/103575", "name": "103575", "tags": ["vdb-entry", "x_refsource_BID"]}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-snmp-dos", "tags": ["x_refsource_CONFIRM"]}, {"url": "http://www.securitytracker.com/id/1040584", "name": "1040584", "tags": ["vdb-entry", "x_refsource_SECTRACK"]}], "descriptions": [{"lang": "en", "value": "A vulnerability in Simple Network Management Protocol (SNMP) subsystem of Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper management of memory resources, referred to as a double free. An attacker could exploit this vulnerability by sending crafted SNMP packets to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. To exploit this vulnerability via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for an affected system. To exploit this vulnerability via SNMP Version 3, the attacker must know the user credentials for the affected system. This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS XE Software, have been configured to be queried over SNMP, and have Network Address Translation (NAT) enabled. Cisco Bug IDs: CSCve75818."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-415", "description": "CWE-415"}]}], "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2018-04-03T09:57:01.000Z"}, "x_legacyV4Record": {"affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "Cisco IOS XE"}]}, "product_name": "Cisco IOS XE"}]}, "vendor_name": "n/a"}]}}, "data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securityfocus.com/bid/103575", "name": "103575", "refsource": "BID"}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-snmp-dos", "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-snmp-dos", "refsource": "CONFIRM"}, {"url": "http://www.securitytracker.com/id/1040584", "name": "1040584", "refsource": "SECTRACK"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in Simple Network Management Protocol (SNMP) subsystem of Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper management of memory resources, referred to as a double free. An attacker could exploit this vulnerability by sending crafted SNMP packets to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. To exploit this vulnerability via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for an affected system. To exploit this vulnerability via SNMP Version 3, the attacker must know the user credentials for the affected system. This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS XE Software, have been configured to be queried over SNMP, and have Network Address Translation (NAT) enabled. Cisco Bug IDs: CSCve75818."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-415"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2018-0160", "STATE": "PUBLIC", "ASSIGNER": "psirt@cisco.com"}}}}, "cveMetadata": {"cveId": "CVE-2018-0160", "state": "PUBLISHED", "dateUpdated": "2024-12-02T20:55:06.631Z", "dateReserved": "2017-11-27T00:00:00.000Z", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "datePublished": "2018-03-28T22:00:00.000Z", "assignerShortName": "cisco"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ios_xe:15.5\\(3\\)s:*:*:*:*:*:*:*", "matchCriteriaId": "E64CE383-D9D5-45EF-9E68-E048D8DD9231", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:asr_901-12c-f-d:-:*:*:*:*:*:*:*", "matchCriteriaId": "D6279A69-2F9D-4CD9-9C19-62E701C3C4F9", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:asr_901-12c-ft-d:-:*:*:*:*:*:*:*", "matchCriteriaId": "A46BB1E3-D813-4C19-81FA-96B8EF3E2F7B", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:asr_901-4c-f-d:-:*:*:*:*:*:*:*", "matchCriteriaId": "64E9CCC6-CA54-44C4-9A41-D2CA3A25BE8C", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:asr_901-4c-ft-d:-:*:*:*:*:*:*:*", "matchCriteriaId": "BC4E0CC8-9C67-4EB0-97A1-BAEFC6E9708A", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:asr_901-6cz-f-a:-:*:*:*:*:*:*:*", "matchCriteriaId": "DDB1A95C-8513-4CC7-8CDF-012B212FF02F", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:asr_901-6cz-f-d:-:*:*:*:*:*:*:*", "matchCriteriaId": "AE761B1C-D749-4E1B-9A4A-7F41D1DF9C8C", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:asr_901-6cz-fs-a:-:*:*:*:*:*:*:*", "matchCriteriaId": "97B64B28-7F3F-40BC-B289-0D1DB55B6461", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:asr_901-6cz-fs-d:-:*:*:*:*:*:*:*", "matchCriteriaId": "F5603296-34B3-4EEB-B242-C44BC56BFBB8", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:asr_901-6cz-ft-a:-:*:*:*:*:*:*:*", "matchCriteriaId": "6C2A515C-797D-47EE-8051-F3FBE417BCE9", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:asr_901-6cz-ft-d:-:*:*:*:*:*:*:*", "matchCriteriaId": "E673A75F-EFF8-4591-8E0F-A21083563DBA", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:asr_901s-2sg-f-ah:-:*:*:*:*:*:*:*", "matchCriteriaId": "E5456C70-6BA4-456A-BCFA-06FD052E44EF", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:asr_901s-2sg-f-d:-:*:*:*:*:*:*:*", "matchCriteriaId": "515CD97F-DDBD-4F75-A6DB-646890A30B32", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:asr_901s-3sg-f-ah:-:*:*:*:*:*:*:*", "matchCriteriaId": "6E181FC9-6790-4C12-874F-67252B6879BA", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:asr_901s-3sg-f-d:-:*:*:*:*:*:*:*", "matchCriteriaId": "CAD4F12D-3F97-44D2-9DE2-571425E75F4E", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:asr_901s-4sg-f-d:-:*:*:*:*:*:*:*", "matchCriteriaId": "FB1288DB-5946-4091-A6E8-42E0A0E7B2B9", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:me_3600x-24cx-m:-:*:*:*:*:*:*:*", "matchCriteriaId": "C03D362E-8431-46D9-A214-9BF421299095", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:me_3600x-24fs-m:-:*:*:*:*:*:*:*", "matchCriteriaId": "3D49393A-23B1-4B8A-8057-BA08745C9764", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:me_3600x-24ts-m:-:*:*:*:*:*:*:*", "matchCriteriaId": "0FD4E0EA-5F54-4916-B379-5FDA231BC6A7", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:me_3800x-24fs-m:-:*:*:*:*:*:*:*", "matchCriteriaId": "BA69BC08-9866-4B72-8491-A8E3FFCEF541", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A vulnerability in Simple Network Management Protocol (SNMP) subsystem of Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper management of memory resources, referred to as a double free. An attacker could exploit this vulnerability by sending crafted SNMP packets to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. To exploit this vulnerability via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for an affected system. To exploit this vulnerability via SNMP Version 3, the attacker must know the user credentials for the affected system. This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS XE Software, have been configured to be queried over SNMP, and have Network Address Translation (NAT) enabled. Cisco Bug IDs: CSCve75818."}, {"lang": "es", "value": "Una vulnerabilidad en el subsistema Simple Network Management Protocol (SNMP) en Cisco IOS XE Software podr\u00eda permitir que un atacante remoto autenticado provoque una denegaci\u00f3n de servicio (DoS). Esta vulnerabilidad se debe a la gesti\u00f3n incorrecta de recursos de memoria, lo que se conoce como doble liberaci\u00f3n (double free). Un atacante podr\u00eda explotar esta vulnerabilidad enviando paquetes SNMP manipulados a un dispositivo afectado. Si se explota con \u00e9xito, podr\u00eda permitir que el atacante consiga que el dispositivo afectado se reinicie, provocando una denegaci\u00f3n de servicio. Para explotar esta vulnerabilidad mediante SNMP Version 2c o anteriores, el atacante debe conocer la cadena de comunidad de solo lectura SNMP de un sistema afectado. Para explotar esta vulnerabilidad mediante SNMP Version 3, el atacante debe conocer las credenciales de usuario para el sistema afectado. Esta vulnerabilidad afecta a dispositivos Cisco que ejecutan una distribuci\u00f3n vulnerable de Cisco IOS XE Software, se han configurado para recibir consultas por SNMP y tienen la traducci\u00f3n de direcciones de red (NAT) habilitada. Cisco Bug IDs: CSCve75818."}], "id": "CVE-2018-0160", "lastModified": "2024-11-21T03:37:38.200", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 6.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-03-28T22:29:00.657", "references": [{"source": "ykramarz@cisco.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/103575"}, {"source": "ykramarz@cisco.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1040584"}, {"source": "ykramarz@cisco.com", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-snmp-dos"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/103575"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1040584"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-snmp-dos"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-415"}], "source": "ykramarz@cisco.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-415"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}