Published: 19/08/2014 Updated: 29/08/2017

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 446

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

The SNMP module in Cisco NX-OS 7.0(3)N1(1) and previous versions on Nexus 5000 and 6000 devices provides different error messages for invalid requests depending on whether the VLAN ID exists, which allows remote malicious users to enumerate VLANs via a series of requests, aka Bug ID CSCup85616.

Vulnerable Product	Search on Vulmon	Subscribe to Product
cisco nx-os 5.2\\(1\\)n1\\(4\\)
cisco nx-os 5.2\\(1\\)n1\\(3\\)
cisco nx-os 5.2\\(1\\)n1\\(2a\\)
cisco nx-os 5.1\\(3\\)n2\\(1a\\)
cisco nx-os 5.1\\(3\\)n2\\(1\\)
cisco nx-os 5.0\\(2\\)n2\\(1a\\)
cisco nx-os 5.0\\(2\\)n2\\(1\\)
cisco nx-os 6.0\\(2\\)n2\\(1\\)
cisco nx-os 5.2\\(1\\)n1\\(8a\\)
cisco nx-os 5.2\\(1\\)n1\\(2\\)
cisco nx-os 5.2\\(1\\)n1\\(1b\\)
cisco nx-os 5.1\\(3\\)n1\\(1a\\)
cisco nx-os 5.1\\(3\\)n1\\(1\\)
cisco nx-os 5.0\\(3\\)n1\\(1c\\)
cisco nx-os 5.0\\(2\\)n1\\(1\\)
cisco nx-os 6.0\\(2\\)n1\\(2\\)
cisco nx-os
cisco nx-os 5.2\\(1\\)n1\\(6\\)
cisco nx-os 5.2\\(1\\)n1\\(5\\)
cisco nx-os 5.1\\(3\\)n2\\(1c\\)
cisco nx-os 5.1\\(3\\)n2\\(1b\\)
cisco nx-os 5.0\\(3\\)n2\\(2\\)
cisco nx-os 5.0\\(3\\)n2\\(1\\)
cisco nx-os 6.0\\(2\\)n2\\(3\\)
cisco nx-os 6.0\\(2\\)n2\\(2\\)
cisco nx-os 6.0\\(2\\)n2\\(1b\\)
cisco nx-os 7.0\\(0\\)n1\\(1\\)
cisco nx-os 6.0\\(2\\)n1\\(2a\\)
cisco nx-os 5.2\\(1\\)n1\\(8\\)
cisco nx-os 5.2\\(1\\)n1\\(7\\)
cisco nx-os 5.2\\(1\\)n1\\(1a\\)
cisco nx-os 5.2\\(1\\)n1\\(1\\)
cisco nx-os 5.0\\(3\\)n2\\(2b\\)
cisco nx-os 5.0\\(3\\)n2\\(2a\\)
cisco nx-os 6.0\\(2\\)n2\\(5\\)
cisco nx-os 6.0\\(2\\)n2\\(4\\)
cisco nx-os 7.0\\(2\\)n1\\(1\\)
cisco nx-os 7.0\\(1\\)n1\\(1\\)
cisco nexus_56128p -
cisco nexus_5000 -
cisco nexus_5596up -
cisco nexus_5020 -
cisco nexus_5020p_switch -
cisco nexus_5596t -
cisco nexus_5672up -
cisco nexus_5548p -
cisco nexus_5548up -
cisco nexus_5010 -
cisco nexus_5010p_switch -
cisco nexus_6004 -
cisco nexus_6004x -
cisco nexus_6001 -

A vulnerability in the Simple Network Management Protocol (SNMP) module of Cisco NX-OS Software could allow an unauthenticated, remote attacker to access sensitive information The vulnerability is due to a failure to respond to invalid requests in the same manner when specifying a VLAN ID An attacker could exploit this vulnerability by making a ...

A vulnerability in the SNMP module of NX-OS could allow an unauthenticated, remote attacker to disclose potentially sensitive information.

CVE ID: CVE-2014-3341 Cisco Bug ID: CSCup85616 Ref: toolsciscocom/security/center/viewAlertx?alertId=35338 Stringstxt Taken from fuzzdbgooglecodecom/svn-history/r127/trunk/wordlists-misc/wordlist-common-snmp-community-stringstxt NexusTaco is a snmp scanner that can be used both for internal testing and external testing to assess Cisco Nexus switches ( 5000

CVE-2014-3341 exploit

snmpvlan CVE ID: CVE-2014-3341 Cisco Bug ID: CSCup85616 NexusTaco is a snmp scanner that can be used both for internal testing and external testing to assess Cisco Nexus switches ( 5000 and 6000 family) There are many snmp scanners and brute forcers this was made for just completenessIt has the following features: *Finds Nexus switches specifically since they seem to reply

CWE-200 http://tools.cisco.com/security/center/viewAlert.x?alertId=35338 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3341 http://www.securitytracker.com/id/1030746 http://www.securityfocus.com/bid/69266 https://exchange.xforce.ibmcloud.com/vulnerabilities/95329 https://nvd.nist.gov https://github.com/IOActive/NexusTacos http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20140818-CVE-2014-3341

CVE-2014-3341

Vulnerability Summary

Vendor Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect