nav search
Data Center Software Security Transformation DevOps Business Personal Tech Science Emergent Tech Bootnotes BOFH

Management bug can crash Cisco IOS, IOS XE

Nine SNMP MIBs vulnerable

By Richard Chirgwin, 30 Jun 2017

Cisco's been caught out by the venerable Simple Network Management Protocol, turning up nine bugs in IOS and IOS XE that appear in all SNMP versions.

Its implementation of SNMP v1, v2c and v3 – in other words, all versions in use – has a buffer overflow condition that in the right conditions can be exploited for denial-of-service and remote code execution.

The two older versions are vulnerable if an attacker knows a network's read-only SNMP community string; SNMP v3 is only vulnerable if an attacker has user credentials for the affected system.

There are nine CVEs associated with the bug (CVE-2017-6736, CVE-2017-6737, CVE-2017-6738, CVE-2017-6739, CVE-2017-6740, CVE-2017-6741, CVE-2017-6742, CVE-2017-6743, CVE-2017-6744), reflecting the nine SNMP Management Information Bases (MIBs) it appears in:

  • ADSL-LINE-MIB
  • ALPS-MIB
  • CISCO-ADSL-DMT-LINE-MIB
  • CISCO-BSTUN-MIB
  • CISCO-MAC-AUTH-BYPASS-MIB
  • CISCO-SLB-EXT-MIB
  • CISCO-VOICE-DNIS-MIB
  • CISCO-VOICE-NUMBER-EXPANSION-MIB
  • TN3270E-RT-MIB

Switchzilla says it's working on software updates. In the meantime, sysadmins need to restrict SNMP access, and if they can, disable the vulnerable MIBs. ®

The Register - Independent news and views for the tech community. Part of Situation Publishing