SNMP Information Disclosure in Cisco NX-OS on Nexus 5000 and 6000 Devices
CVE-2014-3341

Currently unrated

Key Information:

Vendor: Cisco
Status: Nx-os; Nexus 5000; Nexus 5010; Nexus 5010p Switch
Vendor: CVE Published:; 19 August 2014

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 24%

Summary

The SNMP module in Cisco NX-OS versions 7.0(3)N1(1) and earlier on Nexus 5000 and 6000 devices allows remote attackers to exploit variations in error messages. This inconsistency permits attackers to identify existing VLANs through systematic queries, thereby compromising network integrity and security.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

snmpvlan
Created by ehabhussein

References

http://tools.cisco.com/security/center/viewAlert.x?alertI...

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/95329

vdb-entryx_refsource_XF

http://www.securityfocus.com/bid/69266

vdb-entryx_refsource_BID

EPSS Score

24% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Aug 19, 2014
🟡
Public PoC available
Jun 28, 2014
👾
Exploit known to exist
Jun 28, 2014
Vulnerability Reserved
May 7, 2014