Nine SNMP MIBs vulnerable. Cisco’s been caught out by the venerable Simple Network Management Protocol, turning up nine bugs in IOS and IOS XE that appear in all SNMP versions.
Its implementation of SNMP v1, v2c and v3 – in other words, all versions in use – has a buffer overflow condition that in the right conditions can be exploited for denial-of-service and remote code execution.
The two older versions are vulnerable if an attacker knows a network’s read-only SNMP community string; SNMP v3 is only vulnerable if an attacker has user credentials for the affected system.
There are nine CVEs associated with the bug (CVE-2017-6736, CVE-2017-6737, CVE-2017-6738, CVE-2017-6739, CVE-2017-6740, CVE-2017-6741, CVE-2017-6742, CVE-2017-6743, CVE-2017-6744), reflecting the nine SNMP Management Information Bases (MIBs) it appears in:
- ADSL-LINE-MIB
- ALPS-MIB
- CISCO-ADSL-DMT-LINE-MIB
- CISCO-BSTUN-MIB
- CISCO-MAC-AUTH-BYPASS-MIB
- CISCO-SLB-EXT-MIB
- CISCO-VOICE-DNIS-MIB
- CISCO-VOICE-NUMBER-EXPANSION-MIB
- TN3270E-RT-MIB
Switchzilla says it’s working on software updates. In the meantime, sysadmins need to restrict SNMP access, and if they can, disable the vulnerable MIBs.
Source:https://www.theregister.co.uk/2017/06/30/management_bug_can_crash_cisco_ios_ios_xe/
Working as a cyber security solutions architect, Alisa focuses on application and network security. Before joining us she held a cyber security researcher positions within a variety of cyber security start-ups. She also experience in different industry domains like finance, healthcare and consumer products.