1. Home
  2. CVE Database
  3. CVE-2014-3341
MEDIUM · 5.0

CVE-2014-3341

The SNMP module in Cisco NX-OS 7.0(3)N1(1) and earlier on Nexus 5000 and 6000 devices provides different error messages for invalid requests depending on whether the VLAN ID exists, which allows remot...

Vulnerability Description

The SNMP module in Cisco NX-OS 7.0(3)N1(1) and earlier on Nexus 5000 and 6000 devices provides different error messages for invalid requests depending on whether the VLAN ID exists, which allows remote attackers to enumerate VLANs via a series of requests, aka Bug ID CSCup85616.

CVSS Score

5.0

MEDIUM

AV:N/AC:L/Au:N/C:P/I:N/A:N
Confidentiality
PARTIAL
Integrity
NONE
Availability
NONE

Affected Products

VendorProductVersions
CiscoNx-Os<= 7.0\(3\)n1\(1\)
CiscoNexus 5000-
CiscoNexus 5010-
CiscoNexus 5010P Switch-
CiscoNexus 5020-
CiscoNexus 5020P Switch-
CiscoNexus 5548P-
CiscoNexus 5548Up-
CiscoNexus 5596T-
CiscoNexus 5596Up-
CiscoNexus 56128P-
CiscoNexus 5672Up-
CiscoNexus 6001-
CiscoNexus 6004-
CiscoNexus 6004X-

Related Weaknesses (CWE)

CWE-200

References

FAQ

What is CVE-2014-3341?

CVE-2014-3341 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The SNMP module in Cisco NX-OS 7.0(3)N1(1) and earlier on Nexus 5000 and 6000 devices provides different error messages for invalid requests depending on whether the VLAN ID exists, which allows remot...

How severe is CVE-2014-3341?

CVE-2014-3341 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2014-3341?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Nx-Os, Cisco Nexus 5000, Cisco Nexus 5010, Cisco Nexus 5010P Switch, Cisco Nexus 5020.