...
The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an affected system can be used to exploit these vulnerabilities.

The vulnerabilities are due to a buffer overflow condition in the SNMP subsystem of the affected software. The vulnerabilities affect all versions of SNMP Versions 1, 2c, and 3. To exploit these vulnerabilities via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for the affected system. To exploit these vulnerabilities via SNMP Version 3, the attacker must have user credentials for the affected system. A successful exploit could allow the attacker to execute arbitrary code and obtain full control of the affected system or cause the affected system to reload.

Cisco will release software updates that address these vulnerabilities. There are workarounds that address these vulnerabilities. The advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170629-snmp
Devices running an affected version of Cisco IOS Software or Cisco IOS XE Software.
Administrators are advised to allow only trusted users to have SNMP access on an affected system. Administrators are also advised to monitor affected systems by using the show snmp host command in the CLI.

In addition, administrators can mitigate these vulnerabilities by disabling the following MIBs on a device:

    ADSL-LINE-MIB
    ALPS-MIB
    CISCO-ADSL-DMT-LINE-MIB
    CISCO-BSTUN-MIB
    CISCO-MAC-AUTH-BYPASS-MIB
    CISCO-SLB-EXT-MIB
    CISCO-VOICE-DNIS-MIB
    CISCO-VOICE-NUMBER-EXPANSION-MIB
    TN3270E-RT-MIB

To create or update a view entry and disable the affected MIBs, administrators can use the snmp-server view global configuration command, as shown in the following example:

    snmp-server view NO_BAD_SNMP iso included
    snmp-server view NO_BAD_SNMP internet included
    snmp-server view NO_BAD_SNMP snmpUsmMIB excluded
    snmp-server view NO_BAD_SNMP snmpVacmMIB excluded
    snmp-server view NO_BAD_SNMP snmpCommunityMIB excluded
    snmp-server view NO_BAD_SNMP ciscoMgmt.252 excluded
    snmp-server view NO_BAD_SNMP transmission.94 excluded
    snmp-server view NO_BAD_SNMP mib-2.34.9 excluded
    snmp-server view NO_BAD_SNMP ciscoMgmt.35 excluded
    snmp-server view NO_BAD_SNMP ciscoMgmt.95 excluded
    snmp-server view NO_BAD_SNMP ciscoMgmt.130 excluded
    snmp-server view NO_BAD_SNMP ciscoMgmt.219 excluded
    snmp-server view NO_BAD_SNMP ciscoMgmt.254 excluded
    snmp-server view NO_BAD_SNMP ciscoMabMIB excluded
    snmp-server view NO_BAD_SNMP ciscoExperiment.997 excluded

To then apply this configuration to a community string, administrators can use the following command:

    snmp-server community mycomm view NO_BAD_SNMP RO

For SNMP Version 3, administrators can use the following command:

    snmp-server group v3group auth read NO_BAD_SNMP write NO_BAD_SNMP
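The workaround only helps if every community string and SNMPv3 group is actually bound to a view carrying all of the exclusions. The following added example (not part of Cisco's advisory) audits saved running-config text for bindings that fall short; the function name audit, the view PARTIAL and the communities legacy and ops are hypothetical, and the sample configuration is constructed.

```python
REQUIRED = {  # subtrees excluded by the advisory's example view (from the page)
    "snmpUsmMIB", "snmpVacmMIB", "snmpCommunityMIB", "ciscoMgmt.252",
    "transmission.94", "mib-2.34.9", "ciscoMgmt.35", "ciscoMgmt.95",
    "ciscoMgmt.130", "ciscoMgmt.219", "ciscoMgmt.254", "ciscoMabMIB",
    "ciscoExperiment.997",
}

def audit(config):
    """Map each SNMP community/group to the required exclusions it lacks."""
    excluded, bindings = {}, {}
    for line in config.splitlines():
        tok = line.split()
        if len(tok) < 3 or tok[0] != "snmp-server":
            continue
        if tok[1] == "view" and len(tok) == 5:
            entries = excluded.setdefault(tok[2], set())
            if tok[4] == "excluded":
                entries.add(tok[3])
        elif tok[1] == "community":
            view = tok[tok.index("view", 3) + 1] if "view" in tok[3:-1] else None
            bindings["community " + tok[2]] = [view]
        elif tok[1] == "group":
            views = [tok[i + 1] for i in range(3, len(tok) - 1)
                     if tok[i] in ("read", "write")]
            # Assumption: a group with no explicit view is treated as unrestricted.
            bindings["group " + tok[2]] = views or [None]
    report = {}
    for name, views in bindings.items():
        missing = set()
        for view in views:
            # No view, or a view that is never defined, excludes nothing.
            missing |= REQUIRED - excluded.get(view, set())
        if missing:
            report[name] = sorted(missing)
    return report

# Constructed sample; PARTIAL, legacy and ops are hypothetical names.
SAMPLE = "\n".join(
    f"snmp-server view NO_BAD_SNMP {oid} excluded" for oid in sorted(REQUIRED)
) + """
snmp-server view NO_BAD_SNMP iso included
snmp-server view PARTIAL ciscoMgmt.252 excluded
snmp-server community mycomm view NO_BAD_SNMP RO
snmp-server community legacy RO
snmp-server community ops view PARTIAL RO
snmp-server group v3group auth read NO_BAD_SNMP write NO_BAD_SNMP
"""
if __name__ == "__main__":
    print(audit(SAMPLE))
```

The check matches subtree names literally, so a view that excludes a parent subtree or uses numeric OIDs is reported as incomplete and needs manual review. The report keys contain community strings and should be handled as secrets.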
Customers are advised to use the Cisco IOS Software Checker or contact Cisco TAC to determine whether fixed software has been released for an affected platform.

Cisco IOS Software Checker: http://tools.cisco.com/security/center/selectIOSVersion.x

PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 3 score. The Base CVSS score as of the time of evaluation is 8.8: https://tools.cisco.com/security/center/cvssCalculator.x?version=3.0&vector=CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X

CVE ID CVE-2017-6738 has been assigned to document this issue.

Additional information on Cisco's security vulnerability policy can be found at the following URL: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html