CERT Advisory: Cisco IOS DoS vulnerabilities (Just an FYI)
Just passing this info along:
Cisco IOS SNMP Message Handling Vulnerability
Original release date: April 20, 2004
Last revised: --
* Cisco routers and switches running vulnerable versions of IOS.
Vulnerable IOS versions known to be affected include:
* 12.0(23)S4, 12.0(23)S5
* 12.0(24)S4, 12.0(24)S5
* 12.0(27)SV, 12.0(27)SV1
* 12.1(20)E, 12.1(20)E1, 12.1(20)E2
* 12.1(20)EW, 12.1(20)EW1
* 12.1(20)EC, 12.1(20)EC1
* 12.2(12g), 12.2(12h)
* 12.2(20)S, 12.2(20)S1
* 12.2(21), 12.2(21a)
* 12.3(2)XC1, 12.3(2)XC2
* 12.3(5), 12.3(5a), 12.3(5b)
* 12.3(4)T, 12.3(4)T1, 12.3(4)T2, 12.3(4)T3
* 12.3(4)XD, 12.3(4)XD1
There is a vulnerability in Cisco's Internetwork Operating System
(IOS) SNMP service. When vulnerable Cisco routers or switches
specific SNMP requests, the system may reboot. If repeatedly
exploited, this vulnerability could result in a sustained denial of
This vulnerability is distinct from the vulnerability described in
US-CERT Technical Alert TA04-111A issued earlier today. Cisco has
published an advisory about this distinct SNMP issue at the
The Simple Network Management Protocol (SNMP) is a widely deployed
protocol that is commonly used to monitor and manage network
There are several types of SNMP messages that are used to request
information or configuration changes, respond to requests,
SNMP objects, and send both solicited and unsolicited alerts. These
messages use UDP to communicate network information between SNMP
agents and managers.
There is a vulnerability in Cisco's IOS SNMP service in which
to process specific SNMP messages are handled incorrectly. This may
potentially cause the device to reload.
Typically, ports 161/udp and 162/udp are used during SNMP
to communicate. In addition to these well-known ports, Cisco IOS
a randomly selected UDP port in the range from 49152/udp to
(and potentially up to 65535) to listen for other types of SNMP
messages. While SNMPv1 and SNMPv2c formatted messages can trigger
vulnerability, the greatest risk is exposed when any SNMPv3
operation is sent to a vulnerable port.
Cisco notes in their advisory:
"SNMPv1 and SNMPv2c solicited operations to the vulnerable ports
perform an authentication check against the SNMP community
which may be used to mitigate attacks. Through best practices
hard to guess community strings and community string ACLs, this
vulnerability may be mitigated for both SNMPv1 and SNMPv2c.
However, any SNMPv3 solicited operation to the vulnerable ports
will reset the device. If configured for SNMP, all affected
versions will process SNMP version 1, 2c and 3 operations."
Cisco is tracking this issue as CSCed68575. US-CERT is tracking
issue as VU#162451.
A remote, unauthenticated attacker could cause the vulnerable
to reload. Repeated exploitation of this vulnerability could lead
sustained denial of service condition.
Upgrade to fixed versions of IOS
Cisco has published detailed information about upgrading affected
Cisco IOS software to correct this vulnerability. System managers
encouraged to upgrade to one of the non-vulnerable releases. For
additional information regarding availability of repaired releases,
please refer to the "Software Versions and Fixes" section of the
Cisco recommends a number of workarounds, including disabling SNMP
processing on affected devices. For a complete list of workarounds,
see the Cisco Security Advisory.
Appendix A. Vendor Information
This appendix contains information provided by vendors for this
advisory. As vendors report new information to US-CERT, we will
this section and note the changes in our revision history. If a
particular vendor is not listed below, we have not received their
Please refer to Cisco Security Advisory: "Vulnerabilities in SNMP
Message Processing". Cisco has published their advisory at the
US-CERT thanks Cisco Systems for notifying us about this problem.
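An added example, not part of the original post or of the CERT or Cisco advisories: an inventory check that pulls the IOS release out of a `show version` banner, compares it with the releases listed above, and notes whether any `snmp-server` configuration is present. The device names, banners and configs are constructed sample data; a release missing from the list is reported as "not-listed", which does not mean it is fixed.

```python
import re

# Affected releases exactly as listed in the advisory text above.
AFFECTED = frozenset("""
12.0(23)S4 12.0(23)S5 12.0(24)S4 12.0(24)S5 12.0(27)SV 12.0(27)SV1
12.1(20)E 12.1(20)E1 12.1(20)E2 12.1(20)EW 12.1(20)EW1 12.1(20)EC 12.1(20)EC1
12.2(12g) 12.2(12h) 12.2(20)S 12.2(20)S1 12.2(21) 12.2(21a)
12.3(2)XC1 12.3(2)XC2 12.3(5) 12.3(5a) 12.3(5b)
12.3(4)T 12.3(4)T1 12.3(4)T2 12.3(4)T3 12.3(4)XD 12.3(4)XD1
""".split())

# Matches e.g. "Version 12.3(5a)," or "Version 12.1(20)E2," in a banner line.
VERSION_RE = re.compile(r"Version\s+(\d+\.\d+\(\d+[a-z]?\)[A-Za-z0-9]*)")
# Any active top-level snmp-server command ("no snmp-server" does not match).
SNMP_RE = re.compile(r"^snmp-server\s", re.MULTILINE)

def ios_version(banner):
    """Return the release string from a 'show version' banner, or None."""
    m = VERSION_RE.search(banner)
    return m.group(1) if m else None

def assess(banner, running_config):
    """Classify one device against the advisory's list of affected releases."""
    version = ios_version(banner)
    if version is None:
        return "unknown"            # banner could not be parsed; check by hand
    if version not in AFFECTED:
        return "not-listed"         # not on the list above; not proof of a fix
    # The advisory says affected versions process SNMP "if configured for SNMP".
    return "exposed" if SNMP_RE.search(running_config) else "listed-snmp-off"

# Constructed sample inventory: name -> (banner line, running-config excerpt).
INVENTORY = {
    "edge-r1": ("IOS (tm) 7200 Software (C7200-JS-M), Version 12.3(5a), "
                "RELEASE SOFTWARE (fc1)",
                "hostname edge-r1\nsnmp-server community EXAMPLE-RO RO 10\n"),
    "core-sw1": ("IOS (tm) c6sup2_rp Software (c6sup2_rp-JS-M), "
                 "Version 12.1(20)E2, RELEASE SOFTWARE (fc1)",
                 "hostname core-sw1\nno snmp-server\n"),
    "lab-r2": ("IOS (tm) 3600 Software (C3640-IS-M), Version 12.2(23), "
               "RELEASE SOFTWARE (fc1)",
               "hostname lab-r2\nsnmp-server community EXAMPLE-RO RO 10\n"),
}

def audit(inventory):
    """Return {device: classification} for every device in the inventory."""
    return {name: assess(b, cfg) for name, (b, cfg) in inventory.items()}

if __name__ == "__main__":
    for name, status in sorted(audit(INVENTORY).items()):
        print(f"{name:10s} {status}")
```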