Wednesday, February 1, 2017

Cisco ASR 1000 Series Aggregation Services Routers SNMP High CPU Denial of Service Vulnerability

A vulnerability in Simple Network Management Protocol (SNMP) functions of Cisco ASR 1000 Series Aggregation Services Routers running Cisco IOS XE Software Release 3.13.6S, 3.16.2S, or 3.17.1S could allow an authenticated, remote attacker to cause high CPU usage on an affected device, resulting in a denial of service (DoS) condition.

The vulnerability is due to an incorrect initialized variable. An attacker could exploit this vulnerability by performing SNMP polling on MIBs and using only Interface Index (ifIndex) values. A successful exploit could allow the attacker to increase CPU usage to 99% on an affected device and cause a DoS condition.

There are workarounds that address this vulnerability.

This advisory is available at the following link:
http://ift.tt/2kVCMKf A vulnerability in Simple Network Management Protocol (SNMP) functions of Cisco ASR 1000 Series Aggregation Services Routers running Cisco IOS XE Software Release 3.13.6S, 3.16.2S, or 3.17.1S could allow an authenticated, remote attacker to cause high CPU usage on an affected device, resulting in a denial of service (DoS) condition.

The vulnerability is due to an incorrect initialized variable. An attacker could exploit this vulnerability by performing SNMP polling on MIBs and using only Interface Index (ifIndex) values. A successful exploit could allow the attacker to increase CPU usage to 99% on an affected device and cause a DoS condition.

There are workarounds that address this vulnerability.

This advisory is available at the following link:
http://ift.tt/2kVCMKf
Security Impact Rating: Medium
CVE: CVE-2017-3820

from Cisco Security Advisory http://ift.tt/2kVCMKf

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.