CVE-2026-20185
Denial of Service in Cisco SG350 Series Switches
Publication date: 2026-05-06
Last updated on: 2026-05-06
Assigner: Cisco Systems, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cisco | 350_series_managed_switches | * |
| cisco | 350x_series_stackable_managed_switches | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-122 | A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc(). |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Simple Network Management Protocol (SNMP) subsystem of Cisco 350 Series Managed Switches (SG350) and Cisco 350X Series Stackable Managed Switches (SG350X) firmware.
It is caused by improper error handling when parsing response data for a specific SNMP request. An authenticated, remote attacker can exploit this by sending a specially crafted SNMP request to the affected device.
Successful exploitation causes the device to reload unexpectedly, resulting in a denial of service (DoS) condition.
The vulnerability affects SNMP versions 1, 2c, and 3. To exploit SNMPv2c or earlier, the attacker must know a valid SNMP community string (read-write or read-only). For SNMPv3, valid SNMP user credentials are required.
How can this vulnerability impact me?
This vulnerability can impact you by allowing an authenticated remote attacker to cause a denial of service (DoS) condition on your Cisco 350 or 350X Series Managed Switch.
The attacker can cause the device to reload unexpectedly, which disrupts network operations and availability.
Since the vulnerability requires valid SNMP credentials, unauthorized users without these credentials cannot exploit it, but if credentials are compromised, the risk increases.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves exploitation via a specific SNMP request that causes improper error handling and device reload. Detection would require monitoring SNMP traffic for unusual or crafted SNMP requests targeting the affected devices.
Since exploitation requires valid SNMP community strings or user credentials, verifying SNMP access logs for suspicious SNMP requests or failed authentication attempts could help detect attempts.
No specific detection commands or tools are provided in the available information.
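One way to apply the monitoring described above, as an added example that is not part of the original page or of Cisco's advisory: it correlates SNMP activity with unexpected reloads of the same switch. The record format, event names, switch names, addresses and the management-station allowlist are all constructed assumptions; real syslog or flow data would have to be normalized into this shape first.

```python
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample records (not real device output):
# ISO timestamp, event kind, switch name, SNMP source address ("-" if none)
SAMPLE = """\
2026-05-07T10:00:05 snmp_request sw-access-01 10.0.0.5
2026-05-07T10:01:10 snmp_auth_fail sw-access-01 192.0.2.44
2026-05-07T10:01:11 snmp_auth_fail sw-access-01 192.0.2.44
2026-05-07T10:01:12 snmp_auth_fail sw-access-01 192.0.2.44
2026-05-07T10:02:30 snmp_request sw-access-01 192.0.2.44
2026-05-07T10:02:41 reload sw-access-01 -
2026-05-07T11:00:00 snmp_request sw-access-02 10.0.0.5
2026-05-07T14:00:00 reload sw-access-02 -
"""

def parse(text):
    """Turn each non-empty line into (time, kind, switch, source)."""
    events = []
    for line in text.splitlines():
        if line.strip():
            ts, kind, switch, src = line.split()
            events.append((datetime.fromisoformat(ts), kind, switch, src))
    return sorted(events)

def analyze(events, allowed, window=timedelta(minutes=5), fail_limit=3):
    """Flag unapproved SNMP sources, auth-failure bursts, and reloads
    that follow SNMP requests to the same switch within `window`."""
    snmp = [e for e in events if e[1] in ("snmp_request", "snmp_auth_fail")]
    unapproved = sorted({e[3] for e in snmp if e[3] not in allowed})
    fails = Counter((e[2], e[3]) for e in events if e[1] == "snmp_auth_fail")
    bursts = sorted(k for k, n in fails.items() if n >= fail_limit)
    suspect_reloads = []
    for when, kind, switch, _ in events:
        if kind != "reload":
            continue
        # Sources that queried this switch shortly before it reloaded.
        prior = sorted({e[3] for e in events
                        if e[1] == "snmp_request" and e[2] == switch
                        and timedelta(0) <= when - e[0] <= window})
        if prior:
            suspect_reloads.append((switch, when.isoformat(), prior))
    return {"unapproved": unapproved, "bursts": bursts,
            "suspect_reloads": suspect_reloads}

if __name__ == "__main__":
    for name, value in analyze(parse(SAMPLE), allowed={"10.0.0.5"}).items():
        print(name, value)
```

A reload that follows an SNMP request is only a lead to investigate, since routine polling from an approved station will also appear in the window.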
What immediate steps should I take to mitigate this vulnerability?
Cisco advises that no software updates will be released to fix this issue as the affected products are past their End of Software Maintenance Releases.
The recommended mitigation is to disable the vulnerable SNMP Object Identifier (OID) to prevent exploitation.
Additionally, customers are advised to consider migrating to supported products to avoid this and other vulnerabilities.