Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
978
Views
0
Helpful
5
Replies

SNMP Remote Code Execution Vulnerabilities in Cisco IOS and IOS XE

Go to solution
Hiago Mendes
Level 1
Level 1

‎05-08-2023 11:29 AM

Hi everyone! I had received a security report from Cisco for SNMP vulnerabilities that can affect devices running SNMP versions 1, 2c and 3. The report is here (REPORT CISCO)

The following MIBs are vulnerable:

  • ADSL-LINE-MIB
  • ALPS-MIB
  • CISCO-ADSL-DMT-LINE-MIB
  • CISCO-BSTUN-MIB
  • CISCO-MAC-AUTH-BYPASS-MIB
  • CISCO-SLB-EXT-MIB
  • CISCO-VOICE-DNIS-MIB
  • CISCO-VOICE-NUMBER-EXPANSION-MIB
  • TN3270E-RT-MIB

The question is.... If I type "sh snmp mib | b [MIB NAME]" and it doesnt appears... Can I assume my device is NOT running that MIB? I'm right?

Example:

Router#sh snmp mib | b CISCO-VOICE-NUMBER-EXPANSION-MIB

Router#

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to Hiago Mendes

‎05-09-2023 03:34 PM

Looks your version is effected  - upgrade to 12.4(2)TXX

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170629-snmp#fs

check section -  Cisco IOS and IOS XE Software  (by entering your IOS version )

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

0 Helpful
5 Replies 5

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎05-08-2023 11:49 AM

may be not necessary that is correct.

can you post  show version and show run | inc snmp

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
Hiago Mendes
Level 1
Level 1
In response to balaji.bandi

‎05-08-2023 12:00 PM

Its not one device but dozens. But one for example:


[...]

#show ver

Cisco IOS Software, 3800 Software (C3825-ADVENTERPRISEK9_SNA-M), Version 12.4(15)T, RELEASE SOFTWARE (fc3)

[...]

#sh run

[...]

snmp-server host x.x.x.x commkey
snmp-server host x.x.x.x version 2c commkey
snmp-server host x.x.x.x commkey2

[...]

snmp-server host x.x.x.x version 3 priv office

[...]

 

0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to Hiago Mendes

‎05-09-2023 03:34 PM

Looks your version is effected  - upgrade to 12.4(2)TXX

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170629-snmp#fs

check section -  Cisco IOS and IOS XE Software  (by entering your IOS version )

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
shamrozakram18
Level 1
Level 1

‎05-17-2023 02:14 PM

SNMP Remote Code Execution Vulnerabilities in Cisco IOS and IOS XE allow attackers to execute arbitrary code remotely on affected devices. The vulnerabilities affect certain versions of IOS and IOS XE and can be exploited by authenticated or unauthenticated attackers with network access. Cisco has released patches to address these vulnerabilities.

0 Helpful

Go to solution
Hiago Mendes
Level 1
Level 1
In response to shamrozakram18

‎05-19-2023 05:34 AM

These patches can be installed by updating IOS?

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents