cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1411
Views
0
Helpful
8
Replies

CSCva92151 - Cisco ASA SNMP Remote Code Execution Vulnerability

Ayhan Guec
Level 1
Level 1

Hi guys,

are the 8.4.7 & higher also affected from Bug CSCva92151 ??

Best regards

Ayhan

8 Replies 8

engahmed1975
Level 1
Level 1

Yes, these releases are affected:

8.4.7
8.4.7.3
8.4.7.15
8.4.7.22
8.4.7.23
8.4.7.26
8.4.7.28
8.4.0
8.4.7.29

Sorry, but you can do the workaround till the upgrade availability.

Ahmed 

Hi Ahmed,

How about 8.4.7 (30) ?

Thanks

Hi Venakteshwara,


        In the "cvrf" file for the bug, it's not mentioned as affected. I saw that Cisco has been updated the bug doc
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCva92151,
and it mentioned it as fixed, and if u check the the website to download the updated software like:

9.0(4.40)
9.1(7.9)
9.2(4.14)
9.3(3.10)
9.4(3.7)
9.6(1.11)
9.6(1.112)
97.1(1.134)
U wont find any of them, may be it'll be released or there's a plan to be released soon, so just we should be patient :)
I'll wait a while and then I'll check the updates regarding the different platform that I have.

Ahmed

Hi Ahmed,

i have also found nothing to download from mentioned Software for the ASA 5520 or 5525-X.

@Venkateshwara

I would be interessted if the fix is included in 8.4.7.30 or 8.4.7.31, as they were the last updates which are installed on many ASA's as a solution for CSCux29978 and CSCux42019 on April/June (IKE Buffer Overflow Vulnerability) short time ago.

It is important to stay at 8.4.7 train for some customers (different reasons).

Best Regards

Ayhan

I am using version 9.3(2) and not sure which version i should upgrade to:

9.3.(3.10) or 9.4 or 9.6

Any recommendation and reason why i should choose that version?

merzj
Level 1
Level 1

Does anyone know if using the no snmp-server enable command is a work around?


Jen

Hi Merzj,

Using this command as a workaround is more enough, as a workaround is enough is using snmp-server host x.x.x.x, to enable only specifi hosts.

Cisco doc say,

Workarounds
  • Administrators are advised to allow only trusted users to have SNMP access and to monitor affected systems using the snmp-server host command.

Regards,

Ahmed 

AG
Level 1
Level 1

Hi,

My information from Cisco TAC is, that all of the software versions are affected. 

However you are good, if you use this mentioned workaround, where you do not allow SNMP from outside or let´s say you allow it only from some trusted hosts.

The software is not available for now, but should be released in few days. 

BR

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: