Cisco IOS
cpe:2.3:a:cisco:ios:*:*:*:*:*:*:*
A denial-of-service vulnerability has been identified in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software. This vulnerability allows an authenticated, remote attacker to cause an affected device to reload unexpectedly, leading to a DoS condition. The issue arises from improper error handling when parsing SNMP requests. Exploitation requires knowledge of a valid SNMP community string for SNMP v2c or earlier, or valid SNMP user credentials for SNMP v3.
Exploitation of this vulnerability causes the device to reload unexpectedly, creating a denial-of-service condition.
Cisco plans to release software updates addressing this vulnerability. Customers with service contracts should obtain these updates through their usual channels; customers without service contracts should contact the Cisco TAC. Until the vulnerability can be fixed, administrators can disable the vulnerable OIDs on affected devices, although this may impact SNMP-based device management. Consult the Cisco SNMP Security Best Practices guide for more information.
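One way to check that the OID mitigation above is actually in force, as an added example that is not Cisco's or this page's own code: the script reads a saved running-config and reports every SNMP community or v3 group whose read view does not exclude a given OID subtree. The OID, view names, community strings and config excerpt are constructed placeholders (the page does not list the affected OIDs), and the script assumes that a community or group with no named view can reach the whole MIB tree.

```python
import re

# Placeholder only: take the real OIDs from the vendor advisory.
PLACEHOLDER_OID = "1.3.6.1.4.1.0.999"

# Constructed running-config excerpt, not from a real device.
SAMPLE_CONFIG = """\
snmp-server view NO_VULN iso included
snmp-server view NO_VULN 1.3.6.1.4.1.0.999 excluded
snmp-server view PARTIAL iso included
snmp-server community monitor-a view NO_VULN RO 10
snmp-server community monitor-b RO
snmp-server community monitor-c view PARTIAL RO 10
snmp-server group OPS v3 priv read NO_VULN
snmp-server group LEGACY v3 auth
"""

def _covers(subtree, oid):
    """True if oid equals subtree or lies beneath it (numeric OIDs, compared per arc)."""
    s, o = subtree.split("."), oid.split(".")
    return o[:len(s)] == s

def excluded_views(config, oid):
    """Names of views that carry an 'excluded' entry covering oid."""
    pattern = r"^snmp-server view (\S+) (\S+) excluded\s*$"
    return {m.group(1) for m in re.finditer(pattern, config, re.M)
            if _covers(m.group(2), oid)}

def _bound_view(options, keyword):
    """View name that follows keyword in the option tokens, or None."""
    if keyword in options[:-1]:
        return options[options.index(keyword) + 1]
    return None

def unprotected(config, oid):
    """(line number, kind, view) for each community or v3 group that can still read oid.
    The community string itself is never echoed into the findings."""
    safe = excluded_views(config, oid)
    findings = []
    for n, line in enumerate(config.splitlines(), 1):
        tok = line.split()
        if len(tok) < 3 or tok[0] != "snmp-server" or tok[1] not in ("community", "group"):
            continue
        view = _bound_view(tok[3:], "view" if tok[1] == "community" else "read")
        if view not in safe:
            findings.append((n, tok[1], view))
    return findings

if __name__ == "__main__":
    for finding in unprotected(SAMPLE_CONFIG, PLACEHOLDER_OID):
        print("line %d: %s bound to view %s" % finding)
```

The check looks only at `excluded` entries and read views; a more specific `included` entry beneath an excluded subtree, or a separate write view, needs manual review.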