April 18, 2023
High Severity SNMP RCE Vulnerabilities in Cisco IOS and IOS XE Software Exploited in the Wild
Cisco has published that multiple five-years-old high severity RCE vulnerabilities were exploited in the wild. The vulnerabilities are in Cisco’s IOS and IOS XE software’s SNMP (Simple Network Management Protocol) subsystem.
The RCE Vulnerabilities
- CVE-2017-6736, CVE-2017-6737, CVE-2017-6738, CVE-2017-6739, CVE-2017-6740, CVE-2017-6741, CVE-2017-6742, CVE-2017-6743, CVE-2017-6744
High Severity (CVSS score: 8.8) – The vulnerabilities are caused by a buffer overflow condition in the SNMP subsystem of the affected software. An unauthenticated and remote threat actors can exploit in remote code execution (RCE) attacks.
The vulnerabilities affect all previous versions of Cisco IOS and IOS XE software, as well as all SNMP-Versions 1, 2c, and 3.
CYREBRO urges all clients to use the Cisco IOS Software Checker to check whether a release is affected by any published Cisco Security Advisory, and upgrade the products to the latest versions.
It is recommended to allow only trusted users to have SNMP access and to monitor affected systems using the show snmp host command.
Mitigation can be done by disabling the following MIBs (Management Information Base) on a device:
Use the snmp-server view global configuration command to create or update a view entry and disable the affected MIBs.
References: Cisco Advisory.