6.3 - cisco-sa-20180328-snmp-dos

A vulnerability in Simple Network Management Protocol (SNMP) subsystem of Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition.

The vulnerability is due to improper management of memory resources, referred to as a double free. An attacker could exploit this vulnerability by sending crafted SNMP packets to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.

To exploit this vulnerability via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for an affected system. To exploit this vulnerability via SNMP Version 3, the attacker must know the user credentials for the affected system.

Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability.

This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-snmp-dos ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-snmp-dos"]

This advisory is part of the March 28, 2018, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 20 Cisco Security Advisories that describe 22 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: March 2018 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication ["https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-66682"].

BEGIN PGP SIGNATURE

iQJ5BAEBAgBjBQJau71RXBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50 IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly dEBjaXNjby5jb20+AAoJEJa12PPJBfczgk0QAKNGdJYaMkUcykckNY5iX6ZaLBMl K+GyKkJZOFsK9fWSE4KweChc/eYzGxY97rAZIQEPvjC55QyM+VYO/LUhMXMm/qtK y92cWXbZ00EzCcvK+tlpZfLmpIh7z3BZOxSMrkDTrbfyotc92SsnXqldRoSTNy/a i1FdaWOmF/SAKDTo1fIUgwqPVrpqwRGy/eQ322ZQxRzO1DGSwx5KMtqHcyG9Kpw8 xr8lWnSdMhuZg8Vb0q0OY9TgPagIv6p9UtFOlplgDpVcsgjHehICk4tafcGnnR/H HXtpz+rO5V5R3VQmqMbMktNSWVm4/H9hOJCV8AEyH4cUXfQi4Q3Pb/U2giuh4ZLR ZBtKDmkDWcZXXEhsUIY9ZDvbwHUq0i9UsS5Gn7I85oSoLElrMWX+W+hPuUSaUUHE nca4PqG0b4pVy8wZbik8FCERS6Rk3vwmRPl1vXeTdbMo4sTRjPyrNC8fLZpZXP3h 7JXFDyZucQB0GVNqAn1goe2DVHkfkbEseBGBR/WNQ7NmIaqbXh6GpNkuHzj3cZsu Nw6hUPpRL/KXfxQjA2ZEEVmCEEyW8TZilqYNyt5i+zJ5WDlaJIklYJYG+RZRs5Qz Sfm/G8ijKOSwMIWgKl5ifHAUjTxCvlnQ6OMpFmQfQ+0R3Ql5XgJwhbcK+8evqEYu vWhZpzg+F5IFM/yA =lfj7 END PGP SIGNATURE

_______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com