Cisco IOS and IOS XE Software SNMP Denial of Service and Remote Code Execution Vulnerability
TL;DR
A vulnerability in the SNMP subsystem of Cisco IOS and IOS XE Software could allow authenticated attackers to cause a denial of service (DoS) or execute arbitrary code. This affects devices with SNMP enabled. Immediate action is required to patch or mitigate this vulnerability.
What happened
A vulnerability has been identified in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software. It allows an authenticated, remote attacker to cause a denial of service (DoS) condition or execute code as the root user on an affected device. Exploitation requires valid SNMP credentials: either an SNMPv2c read-only community string or SNMPv3 user credentials. The vulnerability is due to a stack overflow condition in the SNMP subsystem.
Affected products
The vulnerability affects Cisco devices running vulnerable releases of Cisco IOS Software and Cisco IOS XE Software. Specifically, it impacts:
- Meraki MS390
- Cisco Catalyst 9300 Series Switches running Meraki CS 17 and earlier
Note: Any device that has SNMP enabled and does not explicitly exclude the affected object identifier (OID) is considered vulnerable.
Fixed software
Upgrade to the first fixed release in your train (or later):
| Release / Product | First Fixed Release | Notes |
|---|---|---|
| Cisco IOS and IOS XE Software | Not specified | |

Advisory revision history: 1.0, initial public release.
Workarounds
There are no workarounds that fully address this vulnerability. The following mitigations reduce exposure:
- Allow only trusted users to have SNMP access.
- Monitor affected systems using the `show snmp host` command.
- Disable the affected OIDs on devices where applicable.
Implementing these mitigations may impact device management through SNMP.
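As an added illustration that is not part of the advisory, the following Cisco IOS configuration applies the mitigations above: a standard ACL restricting SNMP to a trusted management host, and an SNMP view that excludes the affected OID subtree. The affected OID is not given on this page, so `OID_PLACEHOLDER` stands in for it; the ACL, view, group and user names and the 192.0.2.10 management address are assumptions.

```cisco
! Added example, not from the advisory. OID_PLACEHOLDER stands in for the
! affected OID subtree, which this page does not name; 192.0.2.10 is a
! documentation address standing in for a trusted management host.
!
! Only the trusted management host may poll SNMP; log everything else
ip access-list standard SNMP-MGMT
 permit host 192.0.2.10
 deny any log
!
! View that exposes the MIB tree but excludes the affected subtree
snmp-server view MITIGATED iso included
snmp-server view MITIGATED OID_PLACEHOLDER excluded
!
! SNMPv2c: read-only community bound to the restricted view and the ACL
snmp-server community COMMUNITY_PLACEHOLDER view MITIGATED RO SNMP-MGMT
!
! SNMPv3: authPriv group whose read view is the restricted view
snmp-server group MGMT-V3 v3 priv read MITIGATED access SNMP-MGMT
snmp-server user netops MGMT-V3 v3 auth sha AUTH_PASS_PLACEHOLDER priv aes 128 PRIV_PASS_PLACEHOLDER
!
! Verification from exec mode:
! show snmp host     (trap/inform receivers, as the mitigation list suggests)
! show snmp view     (confirm the excluded subtree)
! show snmp group    (confirm the group uses the restricted view and ACL)
```

Replace the placeholders with the OID named in the vendor advisory and site-specific credentials before use; existing communities not bound to the restricted view remain fully exposed.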
Risk in context
The highest CVSS score for this vulnerability is 7.7, categorizing it as High risk. The exposure is significant because only authenticated SNMP access is required, so any attacker holding valid credentials can exploit the vulnerability. The potential for denial of service or remote code execution poses a serious threat to network integrity and availability.
Fast facts
- CVSS Score: 7.7 (High)
- Attack Vector: Remote, requires authentication
- Impact: Denial of service, remote code execution
- SNMP Versions Affected: All versions of SNMP
- Exploitation: Successful exploitation has been observed in the wild.
For leadership
This vulnerability presents a High risk to our network infrastructure, with a CVSS score of 7.7. The exposure is driven by the requirement for authenticated access, which could lead to denial of service or remote code execution if exploited. Immediate remediation is essential: patching should be completed within 7 days, as fixes are available.
Operationally, applying the patch may require a brief maintenance window with no expected configuration drift.
Now: Identify affected devices and assess SNMP configurations.
Next: Patch devices with the fixed software.
Later: Monitor systems for any unusual activity and review SNMP access policies.
Failure to address this vulnerability could lead to significant operational disruptions and security breaches.