SNMP Remote Code Execution Vulnerabilities in Cisco IOS and IOS XE Software

Description: The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an affected system can be used to exploit these vulnerabilities.

The vulnerabilities are due to a buffer overflow condition in the SNMP subsystem of the affected software. The vulnerabilities affect all versions of SNMP – Versions 1, 2c, and 3. To exploit these vulnerabilities via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for the affected system. To exploit these vulnerabilities via SNMP Version 3, the attacker must have user credentials for the affected system.

As per CISCO official web page source, these vulnerabilities affect all releases of Cisco IOS and IOS XE Software prior to the first fixed release and they affect all versions of SNMP—Versions 1, 2c, and 3.

Related CVE numbers: CVE-2017-6736, CVE-2017-6737, CVE-2017-6738, CVE-2017-6739, CVE-2017-6740, CVE-2017-6741, CVE-2017-6742, CVE-2017-6743, CVE-2017-6744

Impact: A successful exploit could allow the attacker to execute arbitrary code and obtain full control of the affected system or cause the affected system to reload.

Mitigation:   Cisco will release software updates that addresses these vulnerabilities. Administrators are advised to allow only trusted users to have SNMP access on an affected system. Administrators are also advised to monitor affected systems by using the show snmp host command in the CLI. In addition, administrators can mitigate these vulnerabilities by disabling the following MIBs on a device:

  •     ADSL-LINE-MIB
  •     ALPS-MIB
  •     CISCO-ADSL-DMT-LINE-MIB
  •     CISCO-BSTUN-MIB
  •     CISCO-MAC-AUTH-BYPASS-MIB
  •     CISCO-SLB-EXT-MIB
  •     CISCO-VOICE-DNIS-MIB
  •     CISCO-VOICE-NUMBER-EXPANSION-MIB
  •     TN3270E-RT-MIB

Reference URL’s:

Share