Vulnerability-Lookup

CVE-2026-20185 (GCVE-0-2026-20185)

Vulnerability from cvelistv5 – Published: 2026-05-06 16:15 – Updated: 2026-05-06 17:48

Title

Cisco SG350 and SG350X Series Managed Switches SNMP Denial of Service Vunerability

Summary

A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco 350 Series Managed Switches (SG350) and Cisco 350X Series Stackable Managed Switches (SG350X) firmware could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.  This vulnerability is due to improper error handling when parsing response data for a specific SNMP request. An attacker could exploit this vulnerability by sending a specific SNMP request to an affected device. A successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition. This vulnerability affects SNMP versions 1, 2c, and 3. To exploit this vulnerability through SNMPv2c or earlier, the attacker must know a valid read-write or read-only SNMP community string for the affected system. To exploit this vulnerability through SNMPv3, the attacker must have valid SNMP user credentials for the affected system.

Severity ?

7.7 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

CWE

CWE-122 - Heap-based Buffer Overflow

Assigner

cisco

References

URL

Tags

https://sec.cloudapps.cisco.com/security/center/c…

Impacted products

	Vendor	Product	Version
	Cisco	Cisco Small Business Smart and Managed Switches	Affected: 2.5.9.54 Affected: 2.5.9.55

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-20185",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-06T17:36:31.829064Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-06T17:48:26.175Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco Small Business Smart and Managed Switches",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "2.5.9.54"
            },
            {
              "status": "affected",
              "version": "2.5.9.55"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of\u0026nbsp;Cisco 350 Series Managed Switches (SG350) and Cisco 350X Series Stackable Managed Switches (SG350X)\u0026nbsp;firmware could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\u0026nbsp;\r\n\r\nThis vulnerability is due to improper error handling when parsing response data for a specific SNMP request. An attacker could exploit this vulnerability by sending a specific SNMP request to an affected device. A successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition.\r\nThis vulnerability affects SNMP versions 1, 2c, and 3. To exploit this vulnerability through SNMPv2c or earlier, the attacker must know a valid read-write or read-only SNMP community string for the affected system. To exploit this vulnerability through SNMPv3, the attacker must have valid SNMP user credentials for the affected system."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "Heap-based Buffer Overflow",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-06T16:15:23.838Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-sg350-snmp-dos-GEFZr2Tj",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg350-snmp-dos-GEFZr2Tj"
        }
      ],
      "source": {
        "advisory": "cisco-sa-sg350-snmp-dos-GEFZr2Tj",
        "defects": [
          "CSCwt39853"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Cisco SG350 and SG350X Series Managed Switches SNMP Denial of Service Vunerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2026-20185",
    "datePublished": "2026-05-06T16:15:23.838Z",
    "dateReserved": "2025-10-08T11:59:15.394Z",
    "dateUpdated": "2026-05-06T17:48:26.175Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-20185",
      "date": "2026-05-07",
      "epss": "0.00174",
      "percentile": "0.38454"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-20185\",\"sourceIdentifier\":\"psirt@cisco.com\",\"published\":\"2026-05-06T17:16:21.050\",\"lastModified\":\"2026-05-06T18:59:53.230\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of\u0026nbsp;Cisco 350 Series Managed Switches (SG350) and Cisco 350X Series Stackable Managed Switches (SG350X)\u0026nbsp;firmware could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\u0026nbsp;\\r\\n\\r\\nThis vulnerability is due to improper error handling when parsing response data for a specific SNMP request. An attacker could exploit this vulnerability by sending a specific SNMP request to an affected device. A successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition.\\r\\nThis vulnerability affects SNMP versions 1, 2c, and 3. To exploit this vulnerability through SNMPv2c or earlier, the attacker must know a valid read-write or read-only SNMP community string for the affected system. To exploit this vulnerability through SNMPv3, the attacker must have valid SNMP user credentials for the affected system.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@cisco.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H\",\"baseScore\":7.7,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.1,\"impactScore\":4.0}]},\"weaknesses\":[{\"source\":\"psirt@cisco.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-122\"}]}],\"references\":[{\"url\":\"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg350-snmp-dos-GEFZr2Tj\",\"source\":\"psirt@cisco.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-20185\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-05-06T17:36:31.829064Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-05-06T17:36:35.239Z\"}}], \"cna\": {\"title\": \"Cisco SG350 and SG350X Series Managed Switches SNMP Denial of Service Vunerability\", \"source\": {\"defects\": [\"CSCwt39853\"], \"advisory\": \"cisco-sa-sg350-snmp-dos-GEFZr2Tj\", \"discovery\": \"EXTERNAL\"}, \"metrics\": [{\"format\": \"cvssV3_1\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 7.7, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"Cisco\", \"product\": \"Cisco Small Business Smart and Managed Switches\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.5.9.54\"}, {\"status\": \"affected\", \"version\": \"2.5.9.55\"}], \"defaultStatus\": \"unknown\"}], \"exploits\": [{\"lang\": \"en\", \"value\": \"The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.\"}], \"references\": [{\"url\": \"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg350-snmp-dos-GEFZr2Tj\", \"name\": \"cisco-sa-sg350-snmp-dos-GEFZr2Tj\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of\u0026nbsp;Cisco 350 Series Managed Switches (SG350) and Cisco 350X Series Stackable Managed Switches (SG350X)\u0026nbsp;firmware could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\u0026nbsp;\\r\\n\\r\\nThis vulnerability is due to improper error handling when parsing response data for a specific SNMP request. An attacker could exploit this vulnerability by sending a specific SNMP request to an affected device. A successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition.\\r\\nThis vulnerability affects SNMP versions 1, 2c, and 3. To exploit this vulnerability through SNMPv2c or earlier, the attacker must know a valid read-write or read-only SNMP community string for the affected system. To exploit this vulnerability through SNMPv3, the attacker must have valid SNMP user credentials for the affected system.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"cwe\", \"cweId\": \"CWE-122\", \"description\": \"Heap-based Buffer Overflow\"}]}], \"providerMetadata\": {\"orgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"shortName\": \"cisco\", \"dateUpdated\": \"2026-05-06T16:15:23.838Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-20185\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-06T17:48:26.175Z\", \"dateReserved\": \"2025-10-08T11:59:15.394Z\", \"assignerOrgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"datePublished\": \"2026-05-06T16:15:23.838Z\", \"assignerShortName\": \"cisco\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

GHSA-7RQ4-MV4G-6VCP

Vulnerability from github – Published: 2026-05-06 18:30 – Updated: 2026-05-06 18:30

Details

This vulnerability is due to improper error handling when parsing response data for a specific SNMP request. An attacker could exploit this vulnerability by sending a specific SNMP request to an affected device. A successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition. This vulnerability affects SNMP versions 1, 2c, and 3. To exploit this vulnerability through SNMPv2c or earlier, the attacker must know a valid read-write or read-only SNMP community string for the affected system. To exploit this vulnerability through SNMPv3, the attacker must have valid SNMP user credentials for the affected system.

Severity ?

7.7 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2026-20185"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-122"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-06T17:16:21Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of\u0026nbsp;Cisco 350 Series Managed Switches (SG350) and Cisco 350X Series Stackable Managed Switches (SG350X)\u0026nbsp;firmware could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\u0026nbsp;\n\nThis vulnerability is due to improper error handling when parsing response data for a specific SNMP request. An attacker could exploit this vulnerability by sending a specific SNMP request to an affected device. A successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition.\nThis vulnerability affects SNMP versions 1, 2c, and 3. To exploit this vulnerability through SNMPv2c or earlier, the attacker must know a valid read-write or read-only SNMP community string for the affected system. To exploit this vulnerability through SNMPv3, the attacker must have valid SNMP user credentials for the affected system.",
  "id": "GHSA-7rq4-mv4g-6vcp",
  "modified": "2026-05-06T18:30:31Z",
  "published": "2026-05-06T18:30:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20185"
    },
    {
      "type": "WEB",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg350-snmp-dos-GEFZr2Tj"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2026-20185

Vulnerability from fkie_nvd - Published: 2026-05-06 17:16 - Updated: 2026-05-06 18:59

Severity ?

7.7 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Summary

References

	URL	Tags
	psirt@cisco.com	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg350-snmp-dos-GEFZr2Tj

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of\u0026nbsp;Cisco 350 Series Managed Switches (SG350) and Cisco 350X Series Stackable Managed Switches (SG350X)\u0026nbsp;firmware could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\u0026nbsp;\r\n\r\nThis vulnerability is due to improper error handling when parsing response data for a specific SNMP request. An attacker could exploit this vulnerability by sending a specific SNMP request to an affected device. A successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition.\r\nThis vulnerability affects SNMP versions 1, 2c, and 3. To exploit this vulnerability through SNMPv2c or earlier, the attacker must know a valid read-write or read-only SNMP community string for the affected system. To exploit this vulnerability through SNMPv3, the attacker must have valid SNMP user credentials for the affected system."
    }
  ],
  "id": "CVE-2026-20185",
  "lastModified": "2026-05-06T18:59:53.230",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.7,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.1,
        "impactScore": 4.0,
        "source": "psirt@cisco.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2026-05-06T17:16:21.050",
  "references": [
    {
      "source": "psirt@cisco.com",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg350-snmp-dos-GEFZr2Tj"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-122"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Primary"
    }
  ]
}

CERTFR-2026-AVI-0544

Vulnerability from certfr_avis - Published: 2026-05-07 - Updated: 2026-05-07

De multiples vulnérabilités ont été découvertes dans les produits Cisco. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une falsification de requêtes côté serveur (SSRF).

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

L'éditeur indique que les appareils SG350 et SG350X ne sont plus supportés et ne recevront pas de correctif, mais propose une mesure de contournement pour la vulnérabilité CVE-2026-20185.

Impacted products

Vendor	Product	Description
Cisco	N/A	Unity Connection versions antérieures à 14SU5
Cisco	N/A	NSO versions antérieures à 6.4.1.3
Cisco	N/A	Unity Connection versions 15.0 antérieures à 15SU4
Cisco	N/A	SG350 et SG350X toutes versions
Cisco	N/A	CNC versions antérieures à 7.2
Cisco	N/A	IoT Field Network Director versions antérieures à 5.0.0-117

References

Title

Publication Time

CISCO-SA-SG350-SNMP-DOS-GEFZR2TJ

Vulnerability from csaf_cisco - Published: 2026-05-06 16:00 - Updated: 2026-05-06 16:00

Summary

Cisco SG350 and SG350X Series Managed Switches SNMP Denial of Service Vulnerability

Notes

Summary: A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco 350 Series Managed Switches (SG350) and Cisco 350X Series Stackable Managed Switches (SG350X) firmware could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper error handling when parsing response data for a specific SNMP request. An attacker could exploit this vulnerability by sending a specific SNMP request to an affected device. A successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition. This vulnerability affects SNMP versions 1, 2c, and 3. To exploit this vulnerability through SNMPv2c or earlier, the attacker must know a valid read-write or read-only SNMP community string for the affected system. To exploit this vulnerability through SNMPv3, the attacker must have valid SNMP user credentials for the affected system. Cisco has not released and will not release software updates that address this vulnerability because the affected products are past the date for End of Software Maintenance Releases. The Cisco Product Security Incident Response Team (PSIRT) will continue to evaluate and disclose security vulnerabilities that affect these products until the Last Date of Support is reached. There are no workarounds that address this vulnerability. However, there is a mitigation.

Vulnerable Products: This vulnerability affects the following Cisco products if they are running Cisco SG350 and SG350X Series Managed Switch Firmware Release 2.5.9.54 or 2.5.9.55 and have two or more 60-watt Power over Ethernet (PoE) ports enabled: SG350-28P Switches SG350-28MP Switches SG350-52P Switches SG350-52MP Switches SG350X Series Switches Determine the Device Configuration To determine whether a device has SNMPv1 or v2c enabled, use the show running-config | include snmp-server community CLI command. If there is output, SNMP is enabled, as shown in the following example: Switch# show running-config | include snmp-server community snmp-server community public ro To determine whether a device has SNMPv3 enabled, use the show running-config | include snmp-server group and show snmp user CLI commands. If there is output from both commands, SNMPv3 is enabled, as shown in the following example: Switch# show running-config | include snmp-server group snmp-server group v3group v3 noauth Switch# show snmp user User name: remoteuser1 Engine ID: 800000090300EE01E71C178C storage-type: nonvolatile active Authentication Protocol: SHA Privacy Protocol: None Group-name: v3group To determine whether a device has 60 Watt PoE ports enabled, use the show running-config | include interface|power inline limit 60000. There must be two or more 60-watt ports configured, as shown in the following example: Switch# show running-config | include interface|power inline limit 60000 interface vlan 1 interface vlan 10 interface FiveGigabitEthernet1/0/5 power inline limit 60000 interface FiveGigabitEthernet1/0/6 power inline limit 60000

Products Confirmed Not Vulnerable: Only products listed in the Vulnerable Products ["#vp"] section of this advisory are known to be affected by this vulnerability.

Workarounds: There are no workarounds that address this vulnerability. However, as a mitigation, administrators may disable the vulnerable object ID (OID) on a device. To disable and exclude the OID, complete the following steps: 1. Create a new SNMP view excluding the affected OID. Use the following commands: snmp-server view SNMP_DOS iso included snmp-server view SNMP_DOS rlPethPsePortTable excluded 2. Apply the view to the SNMP community or SNMP v3 group: For SNMP v1 or v2c, apply this configuration to all configured community strings. Use the following command: snmp-server community mycomm view SNMP_DOS RO For SNMPv3, apply this to all configured SNMP users. Use the following command: snmp-server group v3group v3 auth read SNMP_DOS write SNMP_DOS

Fixed Software: Cisco SG350 and SG350X are past their respective dates for End of Software Maintenance Releases. For this reason, Cisco has not released and will not release software updates to address the vulnerability that is described in this advisory. Customers are advised to refer to the end-of-life notices for these products: End-of-Sale and End-of-Life Announcement for the Cisco 350 Series Managed Switches ["https://www.cisco.com/c/en/us/products/collateral/switches/350-series-managed-switches/350-series-managed-switches-eol.html"] End-of-Sale and End-of-Life Announcement for the Cisco 350X Series Stackable Managed Switches ["https://www.cisco.com/c/en/us/products/collateral/switches/350x-series-stackable-managed-switches/eos-eol-notice-c51-2442212.html"] When considering a device migration, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page ["https://www.cisco.com/go/psirt"], to determine exposure and a complete upgrade solution. In all cases, customers should ensure that any new product will be sufficient for their network needs and that current hardware and software configurations will continue to be supported properly by the new product. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.

Vulnerability Policy: To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy ["http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html"]. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.

Exploitation and Public Announcements: The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

Source: Cisco would like to thank security researcher Ryan Moore for reporting this vulnerability.

Legal Disclaimer: SOFTWARE DOWNLOADS AND TECHNICAL SUPPORT The Cisco Support and Downloads ["https://www.cisco.com/c/en/us/support/index.html"] page on Cisco.com provides information about licensing and downloads. This page can also display customer device support coverage for customers who use the My Devices tool. Please note that customers may download only software that was procured from Cisco directly or through a Cisco authorized reseller or partner and for which the license is still valid. Customers who purchase directly from Cisco but do not hold a Cisco service contract and customers who make purchases through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should obtain upgrades by contacting the Cisco Technical Assistance Center (TAC) ["https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html"]. Customers should have the product serial number available and be prepared to provide the URL of this advisory as evidence of entitlement to a free upgrade. When considering software upgrades ["https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes"], customers are advised to regularly consult the advisories ["https://www.cisco.com/go/psirt"] for the relevant Cisco products to determine exposure and a complete upgrade solution. In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) ["https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html"] or their contracted maintenance providers. LEGAL DISCLAIMER DETAILS CISCO DOES NOT MAKE ANY EXPRESS OR IMPLIED GUARANTEES OR WARRANTIES OF ANY KIND, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. WITHOUT LIMITING THE GENERALITY OF THE FOREGOING, CISCO DOES NOT GUARANTEE THE ACCURACY OR COMPLETENESS OF THIS INFORMATION. THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. Copies or summaries of the information contained in this Security Advisory may lack important information or contain factual errors. Customers are advised to visit the Cisco Security Advisories ["https://www.cisco.com/go/psirt"] page for the most recent version of this Security Advisory. The Cisco Product Security Incident Response Team (PSIRT) assesses only the affected and fixed release information that is documented in this advisory. See the Cisco Security Vulnerability Policy ["https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes"] for more information.

CVE-2026-20185

7.7 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Vendor Fix Cisco has released software updates that address this vulnerability. https://software.cisco.com

References

URL

Category

	https://sec.cloudapps.cisco.com/security/center/c…	self
	https://sec.cloudapps.cisco.com/security/center/r…	external
	https://www.cisco.com/c/en/us/products/collateral…	external
	https://www.cisco.com/c/en/us/products/collateral…	external
	https://www.cisco.com/go/psirt	external
	http://www.cisco.com/web/about/security/psirt/sec…	external
	https://www.cisco.com/c/en/us/support/index.html	external
	https://www.cisco.com/c/en/us/support/web/tsd-cis…	external
	https://sec.cloudapps.cisco.com/security/center/r…	external

Acknowledgments

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "summary": "Cisco would like to thank security researcher Ryan Moore for reporting this vulnerability."
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "notes": [
      {
        "category": "summary",
        "text": "A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco 350 Series Managed Switches (SG350) and Cisco 350X Series Stackable Managed Switches (SG350X) firmware could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r\nThis vulnerability is due to improper error handling when parsing response data for a specific SNMP request. An attacker could exploit this vulnerability by sending a specific SNMP request to an affected device. A successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition.\r\n\r\nThis vulnerability affects SNMP versions 1, 2c, and 3. To exploit this vulnerability through SNMPv2c or earlier, the attacker must know a valid read-write or read-only SNMP community string for the affected system. To exploit this vulnerability through SNMPv3, the attacker must have valid SNMP user credentials for the affected system.\r\n\r\nCisco has not released and will not release software updates that address this vulnerability because the affected products are past the date for End of Software Maintenance Releases. The Cisco Product Security Incident Response Team (PSIRT) will continue to evaluate and disclose security vulnerabilities that affect these products until the Last Date of Support is reached.\r\n\r\nThere are no workarounds that address this vulnerability. However, there is a mitigation.\r\n\r\n",
        "title": "Summary"
      },
      {
        "category": "general",
        "text": "This vulnerability affects the following Cisco products if they are running Cisco SG350 and SG350X Series Managed Switch Firmware Release 2.5.9.54 or 2.5.9.55 and have two or more 60-watt Power over Ethernet (PoE) ports enabled:\r\n\r\nSG350-28P Switches\r\nSG350-28MP Switches\r\nSG350-52P Switches\r\nSG350-52MP Switches\r\nSG350X Series Switches\r\n  Determine the Device Configuration\r\nTo determine whether a device has SNMPv1 or v2c enabled, use the show running-config | include snmp-server community CLI command. If there is output, SNMP is enabled, as shown in the following example:\r\n\r\n\r\nSwitch#  show running-config | include snmp-server community\r\nsnmp-server community public ro\r\n\r\nTo determine whether a device has SNMPv3 enabled, use the show running-config | include snmp-server group and show snmp user CLI commands. If there is output from both commands, SNMPv3 is enabled, as shown in the following example:\r\n\r\n\r\nSwitch#  show running-config | include snmp-server group\r\nsnmp-server group v3group v3 noauth\r\n\r\nSwitch#  show snmp user\r\nUser name: remoteuser1\r\nEngine ID: 800000090300EE01E71C178C\r\nstorage-type: nonvolatile     active\r\nAuthentication Protocol: SHA\r\nPrivacy Protocol: None\r\nGroup-name: v3group\r\n\r\nTo determine whether a device has 60 Watt PoE ports enabled, use the show running-config | include interface|power inline limit 60000. There must be two or more 60-watt ports configured, as shown in the following example:\r\n\r\n\r\nSwitch#  show running-config | include interface|power inline limit 60000\r\n\r\ninterface vlan 1\r\ninterface vlan 10\r\ninterface FiveGigabitEthernet1/0/5\r\n  power inline limit 60000\r\ninterface FiveGigabitEthernet1/0/6\r\n  power inline limit 60000",
        "title": "Vulnerable Products"
      },
      {
        "category": "general",
        "text": "Only products listed in the Vulnerable Products [\"#vp\"] section of this advisory are known to be affected by this vulnerability.",
        "title": "Products Confirmed Not Vulnerable"
      },
      {
        "category": "general",
        "text": "There are no workarounds that address this vulnerability. However, as a mitigation, administrators may disable the vulnerable object ID (OID) on a device.\r\n\r\nTo disable and exclude the OID, complete the following steps:\r\n\r\n1. Create a new SNMP view excluding the affected OID. Use the following commands:\r\n\r\n\r\nsnmp-server view SNMP_DOS iso included\r\nsnmp-server view SNMP_DOS rlPethPsePortTable excluded\r\n\r\n2. Apply the view to the SNMP community or SNMP v3 group:\r\n\r\nFor SNMP v1 or v2c, apply this configuration to all configured community strings. Use the following command:\r\n\r\n\r\nsnmp-server community mycomm view SNMP_DOS RO\r\n\r\nFor SNMPv3, apply this to all configured SNMP users. Use the following command:\r\n\r\n\r\nsnmp-server group v3group v3 auth read SNMP_DOS write SNMP_DOS",
        "title": "Workarounds"
      },
      {
        "category": "general",
        "text": "Cisco SG350 and SG350X are past their respective dates for End of Software Maintenance Releases. For this reason, Cisco has not released and will not release software updates to address the vulnerability that is described in this advisory. Customers are advised to refer to the end-of-life notices for these products:\r\n\r\nEnd-of-Sale and End-of-Life Announcement for the Cisco 350 Series Managed Switches [\"https://www.cisco.com/c/en/us/products/collateral/switches/350-series-managed-switches/350-series-managed-switches-eol.html\"]\r\n\r\nEnd-of-Sale and End-of-Life Announcement for the Cisco 350X Series Stackable Managed Switches [\"https://www.cisco.com/c/en/us/products/collateral/switches/350x-series-stackable-managed-switches/eos-eol-notice-c51-2442212.html\"]\r\n\r\nWhen considering a device migration, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page [\"https://www.cisco.com/go/psirt\"], to determine exposure and a complete upgrade solution.\r\n\r\nIn all cases, customers should ensure that any new product will be sufficient for their network needs and that current hardware and software configurations will continue to be supported properly by the new product. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.",
        "title": "Fixed Software"
      },
      {
        "category": "general",
        "text": "To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy [\"http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html\"]. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.",
        "title": "Vulnerability Policy"
      },
      {
        "category": "general",
        "text": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
        "title": "Exploitation and Public Announcements"
      },
      {
        "category": "general",
        "text": "Cisco would like to thank security researcher Ryan Moore for reporting this vulnerability.",
        "title": "Source"
      },
      {
        "category": "legal_disclaimer",
        "text": "SOFTWARE DOWNLOADS AND TECHNICAL SUPPORT\r\n\r\nThe Cisco Support and Downloads [\"https://www.cisco.com/c/en/us/support/index.html\"] page on Cisco.com provides information about licensing and downloads. This page can also display customer device support coverage for customers who use the My Devices tool. Please note that customers may download only software that was procured from Cisco directly or through a Cisco authorized reseller or partner and for which the license is still valid.\r\n\r\nCustomers who purchase directly from Cisco but do not hold a Cisco service contract and customers who make purchases through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should obtain upgrades by contacting the Cisco Technical Assistance Center (TAC) [\"https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html\"]. Customers should have the product serial number available and be prepared to provide the URL of this advisory as evidence of entitlement to a free upgrade.\r\n\r\nWhen considering software upgrades [\"https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes\"], customers are advised to regularly consult the advisories [\"https://www.cisco.com/go/psirt\"] for the relevant Cisco products to determine exposure and a complete upgrade solution. In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) [\"https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html\"] or their contracted maintenance providers.\r\nLEGAL DISCLAIMER DETAILS\r\n\r\nCISCO DOES NOT MAKE ANY EXPRESS OR IMPLIED GUARANTEES OR WARRANTIES OF ANY KIND, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. WITHOUT LIMITING THE GENERALITY OF THE FOREGOING, CISCO DOES NOT GUARANTEE THE ACCURACY OR COMPLETENESS OF THIS INFORMATION. THIS DOCUMENT IS PROVIDED ON AN \"AS IS\" BASIS. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.\r\n\r\nCopies or summaries of the information contained in this Security Advisory may lack important information or contain factual errors. Customers are advised to visit the Cisco Security Advisories [\"https://www.cisco.com/go/psirt\"] page for the most recent version of this Security Advisory. The Cisco Product Security Incident Response Team (PSIRT) assesses only the affected and fixed release information that is documented in this advisory. See the Cisco Security Vulnerability Policy [\"https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes\"] for more information.",
        "title": "Legal Disclaimer"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "psirt@cisco.com",
      "issuing_authority": "Cisco PSIRT",
      "name": "Cisco",
      "namespace": "https://wwww.cisco.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "Cisco SG350 and SG350X Series Managed Switches SNMP Denial of Service Vulnerability",
        "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sg350-snmp-dos-GEFZr2Tj"
      },
      {
        "category": "external",
        "summary": "Cisco Security Vulnerability Policy",
        "url": "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html"
      },
      {
        "category": "external",
        "summary": "End-of-Sale and End-of-Life Announcement for the Cisco 350 Series Managed Switches",
        "url": "https://www.cisco.com/c/en/us/products/collateral/switches/350-series-managed-switches/350-series-managed-switches-eol.html"
      },
      {
        "category": "external",
        "summary": "End-of-Sale and End-of-Life Announcement for the Cisco 350X Series Stackable Managed Switches",
        "url": "https://www.cisco.com/c/en/us/products/collateral/switches/350x-series-stackable-managed-switches/eos-eol-notice-c51-2442212.html"
      },
      {
        "category": "external",
        "summary": "Cisco Security Advisories page",
        "url": "https://www.cisco.com/go/psirt"
      },
      {
        "category": "external",
        "summary": "Security Vulnerability Policy",
        "url": "http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html"
      },
      {
        "category": "external",
        "summary": "Cisco Support and Downloads",
        "url": "https://www.cisco.com/c/en/us/support/index.html"
      },
      {
        "category": "external",
        "summary": "Cisco Technical Assistance Center (TAC)",
        "url": "https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html"
      },
      {
        "category": "external",
        "summary": "considering software upgrades",
        "url": "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes"
      }
    ],
    "title": "Cisco SG350 and SG350X Series Managed Switches SNMP Denial of Service Vulnerability",
    "tracking": {
      "current_release_date": "2026-05-06T16:00:00+00:00",
      "generator": {
        "date": "2026-05-06T15:56:26+00:00",
        "engine": {
          "name": "TVCE"
        }
      },
      "id": "cisco-sa-sg350-snmp-dos-GEFZr2Tj",
      "initial_release_date": "2026-05-06T16:00:00+00:00",
      "revision_history": [
        {
          "date": "2026-05-06T15:56:10+00:00",
          "number": "1.0.0",
          "summary": "Initial public release."
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_family",
            "name": "Cisco Small Business Smart and Managed Switches",
            "product": {
              "name": "Cisco Small Business Smart and Managed Switches ",
              "product_id": "CSAFPID-278027"
            }
          }
        ],
        "category": "vendor",
        "name": "Cisco"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-20185",
      "ids": [
        {
          "system_name": "Cisco Bug ID",
          "text": "CSCwt39853"
        }
      ],
      "notes": [
        {
          "category": "other",
          "text": "Complete.",
          "title": "Affected Product Comprehensiveness"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-278027"
        ]
      },
      "release_date": "2026-05-06T16:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Cisco has released software updates that address this vulnerability.",
          "product_ids": [
            "CSAFPID-278027"
          ],
          "url": "https://software.cisco.com"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-278027"
          ]
        }
      ],
      "title": "Cisco SG350 and SG350X Series Managed Switches SNMP Denial of Service Vunerability"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-20185 (GCVE-0-2026-20185)

GHSA-7RQ4-MV4G-6VCP

FKIE_CVE-2026-20185

CERTFR-2026-AVI-0544

Solutions

CISCO-SA-SG350-SNMP-DOS-GEFZR2TJ

Tags

Sightings

Nomenclature