{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/snmp/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":["SG350 Series Managed Switches","SG350X Series Stackable Managed Switches"],"_cs_severities":["medium"],"_cs_tags":["snmp","denial-of-service","cve-2026-20185"],"_cs_type":"advisory","_cs_vendors":["Cisco"],"content_html":"\u003cp\u003eA vulnerability exists in the Simple Network Management Protocol (SNMP) subsystem of Cisco 350 Series Managed Switches (SG350) and Cisco 350X Series Stackable Managed Switches (SG350X). The flaw, identified as CVE-2026-20185, stems from improper error handling during the parsing of response data related to a specific SNMP request. To exploit this vulnerability via SNMPv2c or earlier, an attacker needs to know a valid read-write or read-only SNMP community string for the affected system. For SNMPv3 exploitation, valid SNMP user credentials are required. Cisco will not release software updates to address this vulnerability because the affected products are past their End of Software Maintenance Releases date.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker authenticates to the target switch via SNMP using valid credentials or community string.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a specific SNMP request designed to trigger the vulnerability.\u003c/li\u003e\n\u003cli\u003eThe attacker sends the malicious SNMP request to the targeted device.\u003c/li\u003e\n\u003cli\u003eThe device processes the SNMP request, and due to improper error handling, a parsing error occurs.\u003c/li\u003e\n\u003cli\u003eThe parsing error causes the SNMP subsystem to enter an unstable state.\u003c/li\u003e\n\u003cli\u003eThe device attempts to recover from the error, but the severity of the error triggers a system reload.\u003c/li\u003e\n\u003cli\u003eThe switch unexpectedly reloads, causing a denial-of-service condition.\u003c/li\u003e\n\u003cli\u003eNetwork services reliant on the switch\u0026rsquo;s functionality become unavailable until the device completes its reboot process.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability results in an unexpected device reload, leading to a denial-of-service condition. Any network services relying on the affected Cisco SG350 or SG350X series switch will be temporarily unavailable. The duration of the outage depends on the time it takes for the switch to reboot. Organizations using these switches may experience network disruptions impacting business operations.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSince Cisco will not be releasing patches for this vulnerability, implement access control lists to restrict SNMP access to only trusted hosts, mitigating the risk of unauthorized exploitation of CVE-2026-20185.\u003c/li\u003e\n\u003cli\u003eMonitor network traffic for suspicious SNMP requests, especially those originating from untrusted sources.\u003c/li\u003e\n\u003cli\u003eDisable SNMP versions 1, 2c, and 3 if not in use to reduce the attack surface.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-06T16:00:00Z","date_published":"2026-05-06T16:00:00Z","id":"/briefs/2024-01-cisco-sg350-snmp-dos/","summary":"A remote, authenticated attacker can cause a denial-of-service condition on vulnerable Cisco SG350 and SG350X Series Managed Switches by sending a crafted SNMP request due to improper error handling.","title":"Cisco SG350 and SG350X Series Managed Switches SNMP Denial-of-Service Vulnerability","url":"https://feed.craftedsignal.io/briefs/2024-01-cisco-sg350-snmp-dos/"}],"language":"en","title":"CraftedSignal Threat Feed — Snmp","version":"https://jsonfeed.org/version/1.1"}