SNMP Packet Handling Issue in Cisco Nexus Devices
CVE-2015-6260

7.5HIGH

Key Information:

Vendor: Zyxel
Status: Gs1900-10HP Firmware
Vendor: CVE Published:; 3 March 2016

What is CVE-2015-6260?

Cisco NX-OS 7.1(1)N1(1) on Nexus 5500, 5600, and 6000 devices lacks proper validation of Protocol Data Units (PDUs) in SNMP packets. This security gap allows remote attackers to craft specially designed packets, leading to a denial of service by triggering an unexpected restart of the SNMP application. Such exploits can severely disrupt network operations, making it essential for organizations to apply the recommended patches and secure their systems.

References

http://www.securitytracker.com/id/1035158

vdb-entryx_refsource_SECTRACK

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 3, 2016
Vulnerability Reserved
Aug 17, 2015

Zyxel

What is CVE-2015-6260?

References

CVSS V3.1

Timeline