Detections
Analytics
Cisco IOS XE SNMP Packet Handling Remote Buffer Overflow Multiple RCE (cisco-sa-20170629-snmp)
high Nessus Plugin ID 101269
Language:
Synopsis
The remote device is missing a vendor-supplied security patch.Description
According to its self-reported version and configuration, the Cisco IOS XE software running on the remote device is affected by multiple remote code execution vulnerabilities in the Simple Network Management Protocol (SNMP) subsystem due to multiple buffer overflow conditions.An unauthenticated, remote attacker can exploit these vulnerabilities, via a specially crafted SNMP packet, to execute arbitrary code.
To exploit these vulnerabilities via SNMP version 2c or earlier, the attacker must know the SNMP read-only community string for the affected system. To exploit these vulnerabilities via SNMP version 3, the attacker must have user credentials for the affected system.
Solution
Upgrade to the relevant fixed version referenced in Cisco Security Advisory cisco-sa-20170629-snmp. Alternatively, as a workaround, disable the following MIBs on the device :- ADSL-LINE-MIB
- ALPS-MIB
- CISCO-ADSL-DMT-LINE-MIB
- CISCO-BSTUN-MIB
- CISCO-MAC-AUTH-BYPASS-MIB
- CISCO-SLB-EXT-MIB
- CISCO-VOICE-DNIS-MIB
- CISCO-VOICE-NUMBER-EXPANSION-MIB
- TN3270E-RT-MIB
See Also
http://www.nessus.org/u?564e08f8
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCve54313
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCve57697
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCve60276
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCve60376
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCve60402
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCve60507
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCve66540
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCve66601
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCve66658
Plugin Details
Severity: High
ID: 101269
File Name: cisco-sa-20170629-snmp-iosxe.nasl
Version: 1.16
Type: combined
Family: CISCO
Published: 7/7/2017
Updated: 5/3/2024
Configuration: Enable paranoid mode
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Critical
Score: 9.4
CVSS v2
Risk Factor: High
Base Score: 9
Temporal Score: 7.8
Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C
CVSS Score Source: CVE-2017-6744
CVSS v3
Risk Factor: High
Base Score: 8.8
Temporal Score: 8.4
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C
Vulnerability Information
CPE: cpe:/o:cisco:ios_xe
Required KB Items: Settings/ParanoidReport, Host/Cisco/IOS-XE/Version
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 6/29/2017
Vulnerability Publication Date: 6/29/2017
CISA Known Exploited Vulnerability Due Dates: 3/24/2022, 5/10/2023
Reference Information
CVE: CVE-2017-6736, CVE-2017-6737, CVE-2017-6738, CVE-2017-6739, CVE-2017-6740, CVE-2017-6741, CVE-2017-6742, CVE-2017-6743, CVE-2017-6744
BID: 99345
CISCO-SA: cisco-sa-20170629-snmp
IAVA: 2017-A-0191-S
CISCO-BUG-ID: CSCve54313, CSCve57697, CSCve60276, CSCve60376, CSCve60402, CSCve60507, CSCve66540, CSCve66601, CSCve66658, CSCve78027, CSCve89865