Published: 19/08/2014 Updated: 29/08/2017

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 446

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

The SNMP module in Cisco NX-OS 7.0(3)N1(1) and previous versions on Nexus 5000 and 6000 devices provides different error messages for invalid requests depending on whether the VLAN ID exists, which allows remote malicious users to enumerate VLANs via a series of requests, aka Bug ID CSCup85616.

Vulnerable Product	Search on Vulmon	Subscribe to Product
cisco nx-os
cisco nx-os 5.0(2)n1(1)
cisco nx-os 5.0(2)n2(1)
cisco nx-os 5.0(2)n2(1a)
cisco nx-os 5.0(3)n1(1c)
cisco nx-os 5.0(3)n2(1)
cisco nx-os 5.0(3)n2(2)
cisco nx-os 5.0(3)n2(2a)
cisco nx-os 5.0(3)n2(2b)
cisco nx-os 5.1(3)n1(1)
cisco nx-os 5.1(3)n1(1a)
cisco nx-os 5.1(3)n2(1)
cisco nx-os 5.1(3)n2(1a)
cisco nx-os 5.1(3)n2(1b)
cisco nx-os 5.1(3)n2(1c)
cisco nx-os 5.2(1)n1(1)
cisco nx-os 5.2(1)n1(1a)
cisco nx-os 5.2(1)n1(1b)
cisco nx-os 5.2(1)n1(2)
cisco nx-os 5.2(1)n1(2a)
cisco nx-os 5.2(1)n1(3)
cisco nx-os 5.2(1)n1(4)
cisco nx-os 5.2(1)n1(5)
cisco nx-os 5.2(1)n1(6)
cisco nx-os 5.2(1)n1(7)
cisco nx-os 5.2(1)n1(8)
cisco nx-os 5.2(1)n1(8a)
cisco nx-os 6.0(2)n1(2)
cisco nx-os 6.0(2)n1(2a)
cisco nx-os 6.0(2)n2(1)
cisco nx-os 6.0(2)n2(1b)
cisco nx-os 6.0(2)n2(2)
cisco nx-os 6.0(2)n2(3)
cisco nx-os 6.0(2)n2(4)
cisco nx-os 6.0(2)n2(5)
cisco nx-os 7.0(0)n1(1)
cisco nx-os 7.0(1)n1(1)
cisco nx-os 7.0(2)n1(1)
cisco nexus 5000 -
cisco nexus 5010 -
cisco nexus 5010p switch -
cisco nexus 5020 -
cisco nexus 5020p switch -
cisco nexus 5548p -
cisco nexus 5548up -
cisco nexus 5596t -
cisco nexus 5596up -
cisco nexus 56128p -
cisco nexus 5672up -
cisco nexus 6001 -
cisco nexus 6004 -
cisco nexus 6004x -

A vulnerability in the Simple Network Management Protocol (SNMP) module of Cisco NX-OS Software could allow an unauthenticated, remote attacker to access sensitive information The vulnerability is due to a failure to respond to invalid requests in the same manner when specifying a VLAN ID An attacker could exploit this vulnerability by making a ...

A vulnerability in the SNMP module of NX-OS could allow an unauthenticated, remote attacker to disclose potentially sensitive information.

CVE ID: CVE-2014-3341 Cisco Bug ID: CSCup85616 Ref: toolsciscocom/security/center/viewAlertx?alertId=35338 Stringstxt Taken from fuzzdbgooglecodecom/svn-history/r127/trunk/wordlists-misc/wordlist-common-snmp-community-stringstxt NexusTaco is a snmp scanner that can be used both for internal testing and external testing to assess Cisco Nexus switches ( 5000

CVE-2014-3341 exploit

snmpvlan CVE ID: CVE-2014-3341 Cisco Bug ID: CSCup85616 NexusTaco is a snmp scanner that can be used both for internal testing and external testing to assess Cisco Nexus switches ( 5000 and 6000 family) There are many snmp scanners and brute forcers this was made for just completenessIt has the following features: *Finds Nexus switches specifically since they seem to reply

CWE-200 http://tools.cisco.com/security/center/viewAlert.x?alertId=35338 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3341 http://www.securitytracker.com/id/1030746 http://www.securityfocus.com/bid/69266 https://exchange.xforce.ibmcloud.com/vulnerabilities/95329 https://nvd.nist.gov https://github.com/IOActive/NexusTacos http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20140818-CVE-2014-3341

CVE-2014-3341

Vulnerability Summary

Vendor Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect