CiscoCISCO-SA-20170201-ASRSNMPCisco ASR 1000 Series Aggregation Services Routers SNMP High CPU Denial of Service Vulnerability
EPSS
Percentile
58.8%
A vulnerability in Simple Network Management Protocol (SNMP) functions of Cisco ASR 1000 Series Aggregation Services Routers running Cisco IOS XE Software Release 3.13.6S, 3.16.2S, or 3.17.1S could allow an authenticated, remote attacker to cause high CPU usage on an affected device, resulting in a denial of service (DoS) condition.
The vulnerability is due to an incorrect initialized variable. An attacker could exploit this vulnerability by performing SNMP polling on MIBs and using only Interface Index (ifIndex) values. A successful exploit could allow the attacker to increase CPU usage to 99% on an affected device and cause a DoS condition.
There are workarounds that address this vulnerability.
This advisory is available at the following link:
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| cisco | cisco_ios | 3.13s | cpe:2.3:o:cisco:cisco_ios:3.13s:xe:*:*:*:*:*:* |
| cisco | cisco_ios | 3.16s | cpe:2.3:o:cisco:cisco_ios:3.16s:xe:*:*:*:*:*:* |
| cisco | cisco_ios | 3.17s | cpe:2.3:o:cisco:cisco_ios:3.17s:xe:*:*:*:*:*:* |
| cisco | asr_1000_series_software | any | cpe:2.3:a:cisco:asr_1000_series_software:any:*:*:*:*:*:*:* |
| cisco | cisco_ios | 3.13.6s | cpe:2.3:o:cisco:cisco_ios:3.13.6s:xe:*:*:*:*:*:* |
| cisco | cisco_ios | 3.16.2s | cpe:2.3:o:cisco:cisco_ios:3.16.2s:xe:*:*:*:*:*:* |
| cisco | cisco_ios | 3.17.1s | cpe:2.3:o:cisco:cisco_ios:3.17.1s:xe:*:*:*:*:*:* |
| cisco | asr_9904 | 1000_series_aggregation_services_routers | cpe:2.3:h:cisco:asr_9904:1000_series_aggregation_services_routers:*:*:*:*:*:*:* |
Related
