Detections
Analytics

Vulnerabilities in SNMP Message Processing - Cisco Systems

medium Nessus Plugin ID 48974

Language:

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

Cisco Internetwork Operating System (IOS) Software release trains 12.0S, 12.1E, 12.2, 12.2S, 12.3, 12.3B and 12.3T may contain a vulnerability in processing SNMP requests which, if exploited, could cause the device to reload.
 The vulnerability is only present in certain IOS releases on Cisco routers and switches. This behavior was introduced via a code change and is resolved with CSCed68575.
 This vulnerability can be remotely triggered. A successful exploitation of this vulnerability may cause a reload of the device and could be exploited repeatedly to produce a denial of service (DoS).

Solution

Apply the relevant patch referenced in Cisco Security Advisory cisco-sa-20040420-snmp.

See Also

http://www.nessus.org/u?7b858efa

http://www.nessus.org/u?c244c7af

Plugin Details

Severity: Medium

ID: 48974

File Name: cisco-sa-20040420-snmp.nasl

Version: 1.21

Type: local

Family: CISCO

Published: 9/1/2010

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: cpe:/o:cisco:ios

Required KB Items: Host/Cisco/IOS/Version

Exploit Ease: No known exploits are available

Patch Publication Date: 4/20/2004

Vulnerability Publication Date: 4/20/2004

Reference Information

CVE: CVE-2004-0714

BID: 10186

CERT: 162451

CISCO-SA: cisco-sa-20040420-snmp

CISCO-BUG-ID: CSCeb22276, CSCed68575