Description
A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software running on certain models of Cisco Catalyst Switches could allow an authenticated, remote attacker to cause a denial of service (DoS) condition, aka a GET MIB Object ID Denial of Service Vulnerability. The vulnerability is due to a condition that could occur when the affected software processes an SNMP read request that contains a request for the ciscoFlashMIB object ID (OID). An attacker could trigger this vulnerability by issuing an SNMP GET request for the ciscoFlashMIB OID on an affected device. A successful exploit could cause the affected device to restart due to a SYS-3-CPUHOG. This vulnerability affects the following Cisco devices if they are running a vulnerable release of Cisco IOS Software and are configured to use SNMP Version 2 (SNMPv2) or SNMP Version 3 (SNMPv3): Cisco Catalyst 2960-L Series Switches, Cisco Catalyst Digital Building Series Switches 8P, Cisco Catalyst Digital Building Series Switches 8U. Cisco Bug IDs: CSCvd89541.
Published: 2018-03-28
Score: 6.3 Medium
EPSS: < 1% Very Low
KEV: Yes
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2018-0984 A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software running on certain models of Cisco Catalyst Switches could allow an authenticated, remote attacker to cause a denial of service (DoS) condition, aka a GET MIB Object ID Denial of Service Vulnerability. The vulnerability is due to a condition that could occur when the affected software processes an SNMP read request that contains a request for the ciscoFlashMIB object ID (OID). An attacker could trigger this vulnerability by issuing an SNMP GET request for the ciscoFlashMIB OID on an affected device. A successful exploit could cause the affected device to restart due to a SYS-3-CPUHOG. This vulnerability affects the following Cisco devices if they are running a vulnerable release of Cisco IOS Software and are configured to use SNMP Version 2 (SNMPv2) or SNMP Version 3 (SNMPv3): Cisco Catalyst 2960-L Series Switches, Cisco Catalyst Digital Building Series Switches 8P, Cisco Catalyst Digital Building Series Switches 8U. Cisco Bug IDs: CSCvd89541.
History

Wed, 22 Oct 2025 00:15:00 +0000

Type Values Removed Values Added
References

Tue, 21 Oct 2025 20:30:00 +0000

Type Values Removed Values Added
References

Tue, 21 Oct 2025 19:30:00 +0000

Type Values Removed Values Added
References

Fri, 15 Nov 2024 18:15:00 +0000

Type Values Removed Values Added
Metrics kev

{'dateAdded': '2022-03-03'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Subscriptions

Cisco Catalyst 2960l-16ps-ll Catalyst 2960l-16ts-ll Catalyst 2960l-24pq-ll Catalyst 2960l-24ps-ll Catalyst 2960l-24tq-ll Catalyst 2960l-24ts-ll Catalyst 2960l-48pq-ll Catalyst 2960l-48ps-ll Catalyst 2960l-48tq-ll Catalyst 2960l-48ts-ll Catalyst 2960l-8ps-ll Catalyst 2960l-8ts-ll Catalyst Digital Building Series Switches-8p Catalyst Digital Building Series Switches-8u Ios
cve-icon MITRE

Status: PUBLISHED

Assigner: cisco

Published:

Updated: 2026-01-12T21:56:13.785Z

Reserved: 2017-11-27T00:00:00.000Z

Link: CVE-2018-0161

cve-icon Vulnrichment

Updated: 2024-08-05T03:14:16.929Z

cve-icon NVD

Status : Analyzed

Published: 2018-03-28T22:29:00.703

Modified: 2026-01-14T18:44:25.593

Link: CVE-2018-0161

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses