Cisco IOS
cpe:2.3:a:cisco:ios:*:*:*:*:*:*:*
A denial-of-service vulnerability has been identified in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software. This vulnerability allows an authenticated, remote attacker to cause an affected device to reload unexpectedly, leading to a DoS condition. The issue arises from improper error handling when parsing SNMP requests. Exploitation requires knowledge of a valid SNMP community string for SNMP v2c or earlier, or valid SNMP user credentials for SNMP v3.
Exploitation of this vulnerability causes the affected device to reload unexpectedly, resulting in a denial-of-service condition.
Cisco plans to release software updates addressing this vulnerability. Customers with service contracts should obtain these updates through their usual channels. Customers without service contracts should contact the Cisco Technical Assistance Center (TAC) for assistance. In the meantime, administrators can disable vulnerable SNMP OIDs, although this may impact device management through SNMP.
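To check that the OID mitigation actually covers every SNMP principal, the sketch below (an added example, not Cisco's tooling) parses `snmp-server` lines from a running-config and lists the communities and v3 groups whose read view still contains a given OID. The OID is a placeholder because this page does not list the affected OIDs, the sample config is constructed, and two simplifications are assumed: a principal with no view is treated as unrestricted, and only numeric subtrees plus the name `iso` are parsed.

```python
# Placeholder only: take the real affected OIDs from the vendor advisory.
PLACEHOLDER_OID = "1.3.6.1.4.1.9.9.99999"

# Constructed sample running-config excerpt (not from a real device).
SAMPLE_CONFIG = """\
snmp-server view NO_BAD_OID iso included
snmp-server view NO_BAD_OID 1.3.6.1.4.1.9.9.99999 excluded
snmp-server view SYSTEM_ONLY 1.3.6.1.2.1.1 included
snmp-server community monitor-ro view NO_BAD_OID RO 10
snmp-server community legacy-ro RO
snmp-server community sys-ro view SYSTEM_ONLY RO
snmp-server group OPS v3 priv read NO_BAD_OID
snmp-server group NOC v3 auth
"""

def _oid(text):
    # "iso" names subtree 1; other symbolic names are not resolved here.
    return tuple(int(p) for p in text.replace("iso", "1").strip(".").split("."))

def view_allows(entries, oid):
    """Longest matching subtree decides; no matching subtree means not in view."""
    best = None
    for subtree, included in entries:
        if oid[:len(subtree)] == subtree and (best is None or len(subtree) > len(best[0])):
            best = (subtree, included)
    return bool(best and best[1])

def exposed_principals(config, oid_text):
    """Return communities and v3 groups whose read view still contains oid_text."""
    oid, views, bound = _oid(oid_text), {}, []
    for line in config.splitlines():
        t = line.split()
        if t[:2] == ["snmp-server", "view"] and len(t) >= 5:
            views.setdefault(t[2], []).append((_oid(t[3]), t[4] == "included"))
        elif t[:2] == ["snmp-server", "community"] and len(t) >= 3:
            view = t[t.index("view", 3) + 1] if "view" in t[3:] else None
            bound.append(("community " + t[2], view))
        elif t[:2] == ["snmp-server", "group"] and len(t) >= 3:
            view = t[t.index("read", 3) + 1] if "read" in t[3:] else None
            bound.append(("group " + t[2], view))
    # Assumption: no view bound means the principal can read the whole tree.
    return [name for name, view in bound
            if view is None or view_allows(views.get(view, []), oid)]

if __name__ == "__main__":
    for name in exposed_principals(SAMPLE_CONFIG, PLACEHOLDER_OID):
        print("still reaches", PLACEHOLDER_OID, "->", name)
```

Any principal it reports needs a view with the affected subtree excluded (or removal) before the mitigation is complete.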