Cisco IOS, IOS XE, and IOS XR Software SNMP Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in the SNMP subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software. This vulnerability allows an authenticated, remote attacker to disrupt the normal operation of an affected device. The issue arises from improper error handling when processing SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to the device. In the case of Cisco IOS and IOS XE Software, this could lead to an unexpected device reload, causing a denial-of-service condition. For Cisco IOS XR Software, the exploitation would restart the SNMP process, interrupting SNMP responses without causing a device reload.

Impact

Exploitation of this vulnerability causes a denial-of-service condition on the affected device. In Cisco IOS and IOS XE Software, the device reloads unexpectedly, disrupting all active connections. In Cisco IOS XR Software, the SNMP process restarts, temporarily halting SNMP responses from the device.

Remediation

Cisco plans to release software updates that address this vulnerability. Customers with service contracts should obtain these updates through their usual channels; customers without service contracts should contact the Cisco Technical Assistance Center (TAC) for assistance. To mitigate the vulnerability, administrators can disable the vulnerable SNMP object identifiers (OIDs) on the device, although doing so may impact device management through SNMP. As a best practice, restrict SNMP access to trusted network devices.
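The two mitigations above, expressed in Cisco IOS / IOS XE configuration syntax as an added example (this is not configuration from the Cisco advisory, and IOS XR syntax differs and is not shown): a standard ACL limits which hosts may reach the SNMP agent at all, and an SNMP view excludes the affected OID subtree from every community and SNMPv3 group. Because the attacker in this advisory is authenticated, the ACL alone only narrows who can send a valid request, so the view exclusion is what removes the trigger. The OID below is a placeholder, since the advisory does not name the affected identifiers; the management-station addresses, community string, group and user names are assumed values.

```cisco
! Added example, not from the Cisco advisory. Cisco IOS / IOS XE syntax.
!
! 1. Only the management stations may speak SNMP to this device.
!    192.0.2.10 and 192.0.2.11 are assumed addresses; other sources are logged and dropped.
ip access-list standard SNMP-MGMT-ONLY
 permit host 192.0.2.10
 permit host 192.0.2.11
 deny   any log
!
! 2. Expose the MIB tree but carve out the affected subtree.
!    1.3.6.1.4.1.9.9.AFFECTED-OID-PLACEHOLDER is a PLACEHOLDER: replace it with the
!    OID(s) Cisco names for this vulnerability. Anything excluded here can no longer
!    be polled, so expect gaps in monitoring that relied on those objects.
snmp-server view SAFE-VIEW iso included
snmp-server view SAFE-VIEW 1.3.6.1.4.1.9.9.AFFECTED-OID-PLACEHOLDER excluded
!
! 3a. SNMPv2c: read-only community bound to both the restricted view and the ACL.
!     The community string is an assumed value; treat it as a credential.
snmp-server community REPLACE-ME-RO view SAFE-VIEW RO SNMP-MGMT-ONLY
!
! 3b. SNMPv3: authenticated and encrypted group using the same view and ACL.
!     Group, user and passphrases are assumed values.
snmp-server group NMS-GROUP v3 priv read SAFE-VIEW access SNMP-MGMT-ONLY
snmp-server user nms-poller NMS-GROUP v3 auth sha REPLACE-ME-AUTH priv aes 128 REPLACE-ME-PRIV
!
! Verification after applying:
!   show snmp view                      - confirm the excluded subtree appears under SAFE-VIEW
!   show snmp community                 - confirm the community references SAFE-VIEW and the ACL
!   show snmp group                     - confirm NMS-GROUP reads SAFE-VIEW with the ACL attached
!   show ip access-lists SNMP-MGMT-ONLY - deny counters rising indicate untrusted pollers
```

Remove any older community strings or groups that are not bound to the view, since a single unrestricted community re-exposes the excluded objects.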

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 8.1
impact: 2.5
exploitability: 4.9
remediation: 7.9
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.