Reg comments3

Management bug can crash Cisco IOS, IOS XE

Nine SNMP MIBs vulnerable

Cisco's been caught out by the venerable Simple Network Management Protocol, turning up nine bugs in IOS and IOS XE that appear in all SNMP versions.

Its implementation of SNMP v1, v2c and v3 – in other words, all versions in use – has a buffer overflow condition that in the right conditions can be exploited for denial-of-service and remote code execution.

The two older versions are vulnerable if an attacker knows a network's read-only SNMP community string; SNMP v3 is only vulnerable if an attacker has user credentials for the affected system.

There are nine CVEs associated with the bug (CVE-2017-6736, CVE-2017-6737, CVE-2017-6738, CVE-2017-6739, CVE-2017-6740, CVE-2017-6741, CVE-2017-6742, CVE-2017-6743, CVE-2017-6744), reflecting the nine SNMP Management Information Bases (MIBs) it appears in:

  • ADSL-LINE-MIB
  • ALPS-MIB
  • CISCO-ADSL-DMT-LINE-MIB
  • CISCO-BSTUN-MIB
  • CISCO-MAC-AUTH-BYPASS-MIB
  • CISCO-SLB-EXT-MIB
  • CISCO-VOICE-DNIS-MIB
  • CISCO-VOICE-NUMBER-EXPANSION-MIB
  • TN3270E-RT-MIB

Switchzilla says it's working on software updates. In the meantime, sysadmins need to restrict SNMP access, and if they can, disable the vulnerable MIBs. ®

Sponsored: The Joy and Pain of Buying IT - Have Your Say


Biting the hand that feeds IT © 1998–2017