Cisco SNMP Remote Code Execution Vulnerabilities

By Daniel Ruiz
Practice Lead, Network Infrastructure

The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to execute code remotely on an affected system or cause an affected system to reload.

An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6.

The vulnerabilities affect all versions of SNMP, including versions 1, 2c, and 3.

To exploit these vulnerabilities via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for the affected system.

To exploit these vulnerabilities via SNMP Version 3, the attacker must have user credentials for the affected system.

Customers are advised to apply the workaround described in the Workarounds section below.

Fixed software information is available via the Cisco IOS Software Checker. Any device with SNMP enabled that does not explicitly exclude the affected MIBs or OIDs should be considered vulnerable.

Affected Products:

These vulnerabilities affect all Cisco IOS and IOS XE Software releases and all SNMP versions (1, 2c, and 3).

Devices configured with any of the following MIBs are vulnerable:

  • ADSL-LINE-MIB
  • ALPS-MIB
  • CISCO-ADSL-DMT-LINE-MIB
  • CISCO-BSTUN-MIB
  • CISCO-MAC-AUTH-BYPASS-MIB
  • CISCO-SLB-EXT-MIB
  • CISCO-VOICE-DNIS-MIB
  • CISCO-VOICE-NUMBER-EXPANSION-MIB
  • TN3270E-RT-MIB

Workarounds:

Administrators should allow SNMP access to an affected system only for trusted users, and can monitor affected systems using the show snmp host command in the CLI.

In addition, administrators can mitigate these vulnerabilities by disabling the following MIBs on a device:

  • ADSL-LINE-MIB
  • ALPS-MIB
  • CISCO-ADSL-DMT-LINE-MIB
  • CISCO-BSTUN-MIB
  • CISCO-MAC-AUTH-BYPASS-MIB
  • CISCO-SLB-EXT-MIB
  • CISCO-VOICE-DNIS-MIB
  • CISCO-VOICE-NUMBER-EXPANSION-MIB
  • TN3270E-RT-MIB
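One way to apply the MIB-disabling workaround above on IOS / IOS XE, as an added example rather than configuration from the original post: an SNMP view that includes the whole tree but excludes the affected MIB subtrees, bound to a read-only community (v1/v2c, with a source ACL for the trusted management station) and to a v3 group. The view, community, group names and the 192.0.2.10 management address are placeholders, and the OID values are written from memory of the Cisco advisory and must be verified against it before use.

```cisco
! Added example, not from the original post. NO_BAD_SNMP, RO_COMMUNITY,
! V3_GROUP and 192.0.2.10 are placeholders; replace them before use.
! The OIDs below are assumed (recalled from the Cisco advisory): verify
! each one against the advisory or the Cisco MIB Locator before deploying.
!
! Start from the full tree, then carve out the affected MIB subtrees.
snmp-server view NO_BAD_SNMP iso included
! ADSL-LINE-MIB
snmp-server view NO_BAD_SNMP 1.3.6.1.2.1.10.94 excluded
! ALPS-MIB
snmp-server view NO_BAD_SNMP 1.3.6.1.4.1.9.9.95 excluded
! CISCO-ADSL-DMT-LINE-MIB
snmp-server view NO_BAD_SNMP 1.3.6.1.4.1.9.10.87 excluded
! CISCO-BSTUN-MIB
snmp-server view NO_BAD_SNMP 1.3.6.1.4.1.9.9.35 excluded
! CISCO-MAC-AUTH-BYPASS-MIB
snmp-server view NO_BAD_SNMP 1.3.6.1.4.1.9.9.654 excluded
! CISCO-SLB-EXT-MIB
snmp-server view NO_BAD_SNMP 1.3.6.1.4.1.9.9.254 excluded
! CISCO-VOICE-DNIS-MIB
snmp-server view NO_BAD_SNMP 1.3.6.1.4.1.9.9.219 excluded
! CISCO-VOICE-NUMBER-EXPANSION-MIB
snmp-server view NO_BAD_SNMP 1.3.6.1.4.1.9.9.227 excluded
! TN3270E-RT-MIB
snmp-server view NO_BAD_SNMP 1.3.6.1.4.1.9.9.34 excluded
!
! Only the trusted management station may use the community at all.
access-list 10 permit host 192.0.2.10
! SNMPv1/v2c: re-define the read-only community so it is bound to the
! restricted view (this replaces any earlier, unrestricted definition).
snmp-server community RO_COMMUNITY view NO_BAD_SNMP RO 10
! SNMPv3: the group that v3 users belong to reads through the same view.
snmp-server group V3_GROUP v3 priv read NO_BAD_SNMP
!
! Verify the view contents and the community/group bindings.
show snmp view
show snmp community
show snmp group
```

A community or v3 group left without the view binding is still exposed, so check every `snmp-server community` and `snmp-server group` line in the running configuration, not just the ones added here.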

Cisco IOS and IOS XE Software Checker

To help customers determine their exposure to vulnerabilities in Cisco IOS and IOS XE Software, Cisco provides a tool, the Cisco IOS Software Checker, that identifies any Cisco Security Advisories that impact a specific software release and the earliest release that fixes the vulnerabilities described in each advisory (“First Fixed”).

If you want more information or assistance from our industry-leading team of networking experts to plan and execute the upgrade, please contact us at service@helient.com.