Pierluigi Paganini June 30, 2017

Experts at CISCO discovered severe remote code execution vulnerabilities in Cisco IOS Software while conducting internal testing.

Cisco warned users of serious vulnerabilities in IOS software that can be exploited by authenticated, remote attackers for code execution and denial-of-service (DoS) attacks. Experts at CISCO discovered the vulnerabilities while conducting internal testing.

“The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an affected system can be used to exploit these vulnerabilities.” states the advisory published by CISCO.

The experts warned of nine flaws affecting the Simple Network Management Protocol (SNMP) component of IOS and IOS XE software.

The flaws are due to a buffer overflow condition in the SNMP subsystem, all versions of SNMP – Versions 1, 2c, and 3 are affected.

As reported by the advisory, an authenticated attacker who knows the SNMP read-only community string of a target system could remotely execute code or cause the device to reload by sending a specially crafted SNMP packet via IPv4 or IPv6.

“To exploit these vulnerabilities via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for the affected system. To exploit these vulnerabilities via SNMP Version 3, the attacker must have user credentials for the affected system. A successful exploit could allow the attacker to execute arbitrary code and obtain full control of the affected system or cause the affected system to reload.” continues the advisory.

The attack is very dangerous because hackers could obtain full control of vulnerable devices and the worst news is that CISCO warned customers that attackers in the wild know about the vulnerabilities and can exploit them in any moment.

Devices configured with any of the following MIBs are vulnerable:

• ADSL-LINE-MIB
• ALPS-MIB
• CISCO-ADSL-DMT-LINE-MIB
• CISCO-BSTUN-MIB
• CISCO-MAC-AUTH-BYPASS-MIB
• CISCO-SLB-EXT-MIB
• CISCO-VOICE-DNIS-MIB
• CISCO-VOICE-NUMBER-EXPANSION-MIB
• TN3270E-RT-MIB

Waiting for a fix, users can apply workarounds suggested by the company.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Cisco IOS Software, hacking)

[adrotate banner=”13″]