The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 12.0 up to and including 12.4 and 15.0 up to and including 15.6 and IOS XE 2.2 up to and including 3.17 contains multiple vulnerabilities that could allow an authenticated, remote malicious user to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an affected system can be used to exploit these vulnerabilities. The vulnerabilities are due to a buffer overflow condition in the SNMP subsystem of the affected software. The vulnerabilities affect all versions of SNMP: Versions 1, 2c, and 3. To exploit these vulnerabilities via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for the affected system. To exploit these vulnerabilities via SNMP Version 3, the attacker must have user credentials for the affected system. All devices that have enabled SNMP and have not explicitly excluded the affected MIBs or OIDs should be considered vulnerable. Cisco Bug IDs: CSCve66601.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
cisco ios 12.2\\(18\\)sxf10 |
||
cisco ios 12.2\\(18\\)sxf15 |
||
cisco ios 12.1\\(22\\)e6 |
||
cisco ios 12.1\\(13\\)e15 |
||
cisco ios 12.2\\(18\\)sxf17a |
||
cisco ios 12.1\\(20\\)e1 |
||
cisco ios 12.2\\(18\\)sxf3 |
||
cisco ios 12.2\\(14\\)za7 |
||
cisco ios 12.2\\(18\\)sxf4 |
||
cisco ios 12.1\\(13\\)e8 |
||
cisco ios 12.1\\(27b\\)e1 |
||
cisco ios 12.2\\(14\\)za6 |
||
cisco ios 12.1\\(22\\)e4 |
||
cisco ios 12.2\\(18\\)sxf12a |
||
cisco ios 12.1\\(26\\)e7 |
||
cisco ios 12.2\\(18\\)s3 |
||
cisco ios 12.2\\(18\\)sxf2 |
||
cisco ios 12.2\\(18\\)sxd1 |
||
cisco ios 12.2\\(17d\\)sxb3 |
||
cisco ios 12.2\\(14\\)za5 |
||
cisco ios 12.1\\(26\\)e2 |
||
cisco ios 12.2\\(18\\)s9 |
||
cisco ios 12.1\\(13\\)e14 |
||
cisco ios 12.2\\(18\\)sxf9 |
||
cisco ios 12.2\\(17d\\)sxb6 |
||
cisco ios 12.1\\(26\\)e3 |
||
cisco ios 12.2\\(14\\)za2 |
||
cisco ios 12.1\\(20\\)e |
||
cisco ios 12.1\\(20\\)e4 |
||
cisco ios 12.2\\(18\\)s11 |
||
cisco ios 12.1\\(22\\)e1 |
||
cisco ios 12.1\\(27b\\)e3 |
||
cisco ios 12.1\\(26\\)e5 |
||
cisco ios 12.2\\(14\\)za4 |
||
cisco ios 12.2\\(17d\\)sxb4 |
||
cisco ios 12.1\\(13\\)e10 |
||
cisco ios 12.2\\(17d\\)sxb2 |
||
cisco ios 12.1\\(26\\)e6 |
||
cisco ios 12.1\\(20\\)e3 |
||
cisco ios 12.1\\(22\\)e5 |
||
cisco ios 12.2\\(18\\)sxf11 |
||
cisco ios 12.1\\(27b\\)e4 |
||
cisco ios 12.1\\(13\\)e16 |
||
cisco ios 12.2\\(17a\\)sx4 |
||
cisco ios 12.1\\(26\\)e4 |
||
cisco ios 12.2\\(18\\)sxf17b |
||
cisco ios 12.2\\(18\\)sxf15a |
||
cisco ios 12.2\\(18\\)s12 |
||
cisco ios 12.1\\(22\\)e2 |
||
cisco ios 12.2\\(18\\)sxf |
||
cisco ios 12.1\\(20\\)e6 |
||
cisco ios 12.1\\(13\\)e6 |
||
cisco ios 12.1\\(23\\)e |
||
cisco ios 12.1\\(13\\)e13 |
||
cisco ios 12.1\\(13\\)e12 |
||
cisco ios 12.2\\(18\\)sxf6 |
||
cisco ios 12.1\\(22\\)e |
||
cisco ios 12.2\\(18\\)s1 |
||
cisco ios 12.1\\(19\\)e |
||
cisco ios 12.2\\(17d\\)sxb11a |
||
cisco ios 12.1\\(13\\)e3 |
||
cisco ios 12.2\\(18\\)sxf12 |
||
cisco ios 12.2\\(18\\)sxf10a |
||
cisco ios 12.1\\(26\\)e8 |
||
cisco ios 12.1\\(22\\)e3 |
||
cisco ios 12.2\\(17d\\)sxb1 |
||
cisco ios 12.1\\(13\\)e17 |
||
cisco ios 12.2\\(18\\)s10 |
||
cisco ios 12.1\\(23\\)e2 |
||
cisco ios 12.1\\(13\\)e4 |
||
cisco ios 12.2\\(14\\)za3 |
||
cisco ios 12.2\\(18\\)sxf7 |
||
cisco ios 12.2\\(17d\\)sxb8 |
||
cisco ios 12.1\\(27b\\)e |
||
cisco ios 12.2\\(17a\\)sx1 |
||
cisco ios 12.2\\(17d\\)sxb7 |
||
cisco ios 12.1\\(26\\)e |
||
cisco ios 12.2\\(17b\\)sxa2 |
||
cisco ios 12.1\\(19\\)e1 |
||
cisco ios 12.2\\(14\\)za |
||
cisco ios 12.2\\(18\\)s |
||
cisco ios 12.2\\(17d\\)sxb9 |
||
cisco ios 12.2\\(17d\\)sxb10 |
||
cisco ios 12.1\\(23\\)e3 |
||
cisco ios 12.2\\(18\\)sxf13 |
||
cisco ios 12.2\\(18\\)sxf8 |
||
cisco ios 12.1\\(27b\\)e2 |
||
cisco ios 12.2\\(18\\)s13 |
||
cisco ios 12.2\\(18\\)s4 |
||
cisco ios 12.1\\(23\\)e1 |
||
cisco ios 12.2\\(18\\)sxf5 |
||
cisco ios 12.1\\(13\\)e9 |
||
cisco ios 12.2\\(18\\)s2 |
||
cisco ios 12.2\\(17d\\)sxb11 |
||
cisco ios 12.1\\(13\\)e11 |
||
cisco ios 12.2\\(17d\\)sxb5 |
||
cisco ios 12.1\\(26\\)e1 |
||
cisco ios 12.2\\(18\\)sxf14 |
||
cisco ios 12.1\\(26\\)e9 |
||
cisco ios 12.1\\(13\\)e7 |
||
cisco ios 12.1\\(23\\)e4 |
||
cisco ios 12.2\\(18\\)sxf17 |
||
cisco ios 12.2\\(18\\)sxf16 |
||
cisco ios 12.2\\(17a\\)sx2 |
||
cisco ios 12.2\\(18\\)s8 |
||
cisco ios 12.1\\(13\\)e5 |
Nine SNMP MIBs vulnerable
Cisco's been caught out by the venerable Simple Network Management Protocol, turning up nine bugs in IOS and IOS XE that appear in all SNMP versions. Its implementation of SNMP v1, v2c and v3 – in other words, all versions in use – has a buffer overflow condition that in the right conditions can be exploited for denial-of-service and remote code execution. The two older versions are vulnerable if an attacker knows a network's read-only SNMP community string; SNMP v3 is only vulnerable if a...
Vulmon