Severity by source
AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionCVE.org
A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco 350 Series Managed Switches (SG350) and Cisco 350X Series Stackable Managed Switches (SG350X) firmware could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to improper error handling when parsing response data for a specific SNMP request. An attacker could exploit this vulnerability by sending a specific SNMP request to an affected device. A successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition. This vulnerability affects SNMP versions 1, 2c, and 3. To exploit this vulnerability through SNMPv2c or earlier, the attacker must know a valid read-write or read-only SNMP community string for the affected system. To exploit this vulnerability through SNMPv3, the attacker must have valid SNMP user credentials for the affected system.
AnalysisAI
Cisco SG350 and SG350X managed switches can be remotely crashed via crafted SNMP requests, forcing unexpected device reloads. Authenticated attackers with valid SNMP credentials (read-only or read-write community strings for SNMPv1/v2c, or user credentials for SNMPv3) can trigger a heap-based buffer overflow in SNMP response parsing. Cisco confirmed this vulnerability affects all three SNMP versions (v1, v2c, v3) and published advisory cisco-sa-sg350-snmp-dos-GEFZr2Tj. EPSS and KEV status not provided in available data; exploitation requires network access with low complexity but does require valid SNMP authentication.
Technical ContextAI
This vulnerability affects the SNMP subsystem in Cisco Small Business 350 Series Managed Switches (SG350) and 350X Series Stackable Managed Switches (SG350X). The root cause is CWE-122 (Heap-based Buffer Overflow) occurring during SNMP response data parsing. When the SNMP agent processes certain malformed request types, improper error handling in the response parser leads to heap memory corruption. Unlike typical SNMP read-only vulnerabilities, this affects both read-only and read-write community string holders in SNMPv1/v2c deployments, as well as any valid SNMPv3 user regardless of privilege level. The vulnerability exists in the firmware's SNMP protocol stack across all three major SNMP versions, indicating a shared code path for response handling. The CPE identifier (cpe:2.3:a:cisco:cisco_small_business_smart_and_managed_switches) covers the entire Small Business switch product line, though the description specifically scopes this to SG350/SG350X models.
RemediationAI
Consult Cisco security advisory cisco-sa-sg350-snmp-dos-GEFZr2Tj at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg350-snmp-dos-GEFZr2Tj for vendor-confirmed patch availability and exact fixed firmware versions for SG350 and SG350X switches. Apply the recommended firmware update as soon as operationally feasible following change control procedures. If immediate patching is not possible, implement these compensating controls: restrict SNMP access using management interface ACLs to permit only trusted monitoring systems and administrator workstations by IP address; rotate all SNMP community strings (SNMPv1/v2c) and SNMPv3 user credentials to strong, unique values not shared with other devices; migrate from SNMPv1/v2c to SNMPv3 with authentication and encryption (authPriv) to reduce credential exposure risk; disable SNMP entirely on switches where it is not operationally required for monitoring or management. These mitigations reduce attack surface but do not eliminate the vulnerability - authenticated attackers with legitimate access can still trigger the DoS condition. Network segmentation limiting SNMP access to dedicated management VLANs provides defense-in-depth but may conflict with distributed monitoring architectures.
Same weakness CWE-122 – Heap-based Buffer Overflow
View allSame technique Heap Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-27857