Cisco IOS SNMP Implementation Flaw

In a recent security advisory, Cisco disclosed a vulnerability in the Simple Network Management Protocol (SNMP) IPv4 access control list (ACL) feature of its IOS and IOS XE Software.

The flaw could allow an unauthenticated, remote attacker to bypass the configured ACL and send SNMP requests to a device whose configuration was meant to restrict SNMP access to specific management hosts.

Understanding the Vulnerability

The vulnerability stems from a mismatch between what the CLI accepts and what the SNMP process enforces: IOS and IOS XE do not support extended IPv4 ACLs for SNMP, yet the CLI allows an administrator to attach an extended named IPv4 ACL to the SNMP server configuration (for example, to an SNMP community or SNMPv3 group).

Because the SNMP process cannot apply an extended ACL, the result is that no ACL at all is applied to the SNMP listening process. The configuration looks restricted, but the device accepts SNMP traffic from any source.


An attacker exploiting this vulnerability could poll an affected device over SNMP, potentially reading sensitive configuration and topology data or degrading the device's performance with polling load. Note that the bypass removes only the source-address filter: the attacker still needs a valid community string (SNMPv1/v2c) or SNMPv3 credentials, so a weak or default community string turns this from a filtering gap into full read (or write) access.

Cisco rates the flaw as medium severity under CVSS version 3.1 (the "3.1" is the version of the scoring standard, not the score). The rating is moderate because authentication to SNMP is still required, but any device that relies on an extended named ACL as its only SNMP access control should be reviewed promptly.

Affected Products

At the time of publication, the vulnerability affects devices running Cisco IOS or IOS XE Software that have SNMP enabled and an extended named IPv4 ACL attached to the SNMP server configuration. Devices that use a standard ACL, or no ACL, for SNMP are not affected by this particular flaw.

Cisco has confirmed that IOS XR Software, Meraki products, and NX-OS Software are not affected. The advisory also notes that SNMP configurations using IPv6 ACLs are not susceptible; only the IPv4 ACL path is affected.

Administrators can use the Cisco Software Checker to look up IOS and IOS XE releases. The tool lists the Cisco security advisories that apply to a given software release and the earliest release that fixes each of them.

Cisco's advisory does not currently list a software update that addresses this vulnerability.

Instead, it points to a configuration change as the mitigation: since the SNMP process only enforces standard IPv4 ACLs, the extended named ACL should be replaced with a standard numbered or standard named ACL that permits the same management source addresses.

Network administrators are urged to check whether any SNMP community, group, or user on their devices references an extended named IPv4 ACL and, where one does, to replace it with a standard ACL so that the intended source filtering is actually enforced. An ACL that is referenced but never defined should be treated the same way, because IOS permits all traffic when a referenced ACL does not exist.


Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has more than 10 years of experience as a security consultant, editor, and analyst in cybersecurity, technology, and communications.