Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

Cisco IOS and IOS XE Software SNMP Denial-of-Service and Remote Code Execution Vulnerability

Vulnerability

A vulnerability exists in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and Cisco IOS XE Software. It arises from a stack overflow condition in the SNMP subsystem.

An authenticated, remote attacker with low privileges can cause a denial-of-service (DoS) condition by reloading the affected device. The attacker must have the SNMPv2c or earlier read-only community string or valid SNMPv3 user credentials.

An authenticated, remote attacker with high privileges can execute arbitrary code as the root user on devices running Cisco IOS XE Software, gaining full control of the system. In this case, the attacker must have the SNMPv1 or v2c read-only community string or valid SNMPv3 user credentials, along with administrative or privilege 15 credentials on the affected device.
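Both cases above depend on the attacker holding an SNMP credential, so a first triage step is to find which devices have such a credential configured at all. The following is an added example, not part of the original advisory or any Cisco tool: it scans saved running-config text for SNMPv1/v2c community strings and SNMPv3 groups. The sample configuration is constructed, and the script assumes SNMPv3 users are not listed in the running configuration, so it uses v3 group lines as the indicator.

```python
import re

# Constructed sample of saved running-config text (not from a real device).
SAMPLE_CONFIG = """\
hostname edge-sw1
snmp-server community public RO
snmp-server community n0c-Mon1tor view SYSONLY RO 99
snmp-server group NMSGRP v3 priv
snmp-server location rack 12
"""

# snmp-server community <string> [view <name>] [RO|RW] [ipv6 <acl>] [<acl>]
COMMUNITY_RE = re.compile(
    r"^snmp-server community (?P<name>\S+)"
    r"(?: view (?P<view>\S+))?"
    r"(?: (?P<mode>RO|RW))?"
    r"(?: ipv6 (?P<acl6>\S+))?"
    r"(?: (?P<acl>\S+))?\s*$",
    re.IGNORECASE,
)
# Assumption: v3 users are not shown in running-config, so match v3 groups.
GROUP_V3_RE = re.compile(r"^snmp-server group (\S+) v3\b", re.IGNORECASE)
DEFAULT_STRINGS = {"public", "private"}  # widely known default strings


def audit_snmp(config_text):
    """Return the SNMP credential paths found in IOS / IOS XE config text."""
    findings = {"communities": [], "v3_groups": []}
    for line in config_text.splitlines():
        line = line.strip()
        m = COMMUNITY_RE.match(line)
        if m:
            findings["communities"].append({
                "name": m["name"],
                "mode": (m["mode"] or "RO").upper(),  # read-only if omitted
                "acl": m["acl"] or m["acl6"],         # None: no ACL on the line
                "guessable": m["name"].lower() in DEFAULT_STRINGS,
            })
            continue
        g = GROUP_V3_RE.match(line)
        if g:
            findings["v3_groups"].append(g[1])
    # True when any credential named in the advisory could exist on the device.
    findings["credential_path_present"] = bool(
        findings["communities"] or findings["v3_groups"])
    return findings


if __name__ == "__main__":
    print(audit_snmp(SAMPLE_CONFIG))
```

A device that reports credential_path_present as True should be prioritised for the first fixed release; entries marked guessable or carrying no ACL deserve attention first.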

Impact

Exploitation leads to a denial-of-service condition or allows for remote code execution as the root user on affected devices running Cisco IOS XE Software.

Remediation

Cisco has released software updates to address this vulnerability. For devices running Cisco IOS and IOS XE Software, consult the Cisco Software Checker tool to determine the first fixed release. Meraki MS390 and Cisco Catalyst 9300 Series Switches running Meraki CS 17 and earlier are also affected, but this vulnerability is fixed in Cisco IOS XE Software Release 17.15.4a.

Added: Sep 24, 2025, 6:48 PM
Updated: Sep 29, 2025, 5:13 PM

Vulnerability Rating

Custom Algorithm
spread: 8.1
impact: 7.5
exploitability: 6.6
remediation: 0.0
relevance: 0.6
threat: 8.1
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.