Vulnerable Products:
This vulnerability affects Cisco devices if they are running a vulnerable release of Cisco IOS Software or Cisco IOS XE Software.
Note: This vulnerability affects all versions of SNMP. All devices that have SNMP enabled and have not explicitly excluded the affected object ID (OID) should be considered vulnerable. For details on excluding the OID, see the Workarounds section of this advisory.
For information about which Cisco software releases are vulnerable, see the Fixed Software section of this advisory.

Determine the Device Configuration
To determine whether a device has SNMPv1 or v2c enabled, use the show running-config | include snmp-server community CLI command. If there is output, SNMP is enabled, as shown in the following example:
    Router# show running-config | include snmp-server community
    snmp-server community public ro
To determine whether a device has SNMPv3 enabled, use the show running-config | include snmp-server group and show snmp user CLI commands. If there is output from both commands, SNMPv3 is enabled, as shown in the following example:
    Router# show running-config | include snmp-server group
    snmp-server group v3group v3 noauth
    Router# show snmp user
    User name: remoteuser1
    Engine ID: 800000090300EE01E71C178C
    storage-type: nonvolatile        active
    Authentication Protocol: SHA
    Privacy Protocol: None
    Group-name: v3group

Products Confirmed Not Vulnerable:
Only products listed in the Vulnerable Products section of this advisory are known to be affected by this vulnerability.
Cisco has confirmed that this vulnerability does not affect the following Cisco products:
    IOS XR Software
    NX-OS Software

Workarounds:
There are no workarounds that address this vulnerability. However, there is a mitigation.
Administrators are advised to allow only trusted users to have SNMP access on an affected system. Administrators are also advised to monitor affected systems by using the...
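The checks from the Determine the Device Configuration section, combined with the trusted-access mitigation above, can be run offline over saved CLI output. This is an added example, not Cisco's code: audit_snmp, the sample text, the community ops-ro and ACL 10 are constructed for illustration, and it does not test for the OID exclusion described in the Workarounds section.

```python
import re

# Constructed sample: saved output of the two "show" commands (not from a real device).
SAMPLE_RUNNING_CONFIG = """\
snmp-server community public ro
snmp-server community ops-ro ro 10
snmp-server group v3group v3 noauth
"""
SAMPLE_SNMP_USER = """\
User name: remoteuser1
Engine ID: 800000090300EE01E71C178C
Authentication Protocol: SHA
Group-name: v3group
"""

COMMUNITY = re.compile(r"^snmp-server community (\S+)(.*)$", re.M)
GROUP = re.compile(r"^snmp-server group (\S+) v3 (auth|noauth|priv)\b", re.M)
USER = re.compile(r"^User name:\s*(\S+)", re.M)

def audit_snmp(running_config: str, snmp_user_output: str = "") -> dict:
    """Apply the advisory's enablement checks to saved CLI output (hypothetical helper)."""
    communities = {}
    for name, rest in COMMUNITY.findall(running_config):
        tokens, acl, i = rest.split(), None, 0
        while i < len(tokens):
            if tokens[i] == "view":          # "view <name>" takes one argument
                i += 2
            elif tokens[i] in ("ro", "rw"):  # access mode, not an ACL
                i += 1
            else:                            # assumption: the remainder is the ACL reference
                acl = " ".join(tokens[i:])
                break
        communities[name] = acl
    groups = GROUP.findall(running_config)
    users = USER.findall(snmp_user_output)
    return {
        "v1_v2c_enabled": bool(communities),              # any community line means enabled
        "v3_enabled": bool(groups) and bool(users),       # needs output from both commands
        "communities_without_acl": sorted(n for n, a in communities.items() if a is None),
        "v3_groups": groups,
        "v3_users": users,
    }

if __name__ == "__main__":
    print(audit_snmp(SAMPLE_RUNNING_CONFIG, SAMPLE_SNMP_USER))
```

A community listed under communities_without_acl accepts queries from any source address that knows the string, which is the condition the mitigation asks administrators to remove.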
12.2(33)SXI, 12.2(33)SXI1, 12.2(33)SXI10, 12.2(33)SXI11, 12.2(33)SXI12, 12.2(33)SXI13, 12.2(33)SXI14, 12.2(33)SXI2, 12.2(33)SXI2a, 12.2(33)SXI3 (+812 more)
16.10.1, 16.10.1a, 16.10.1b, 16.10.1c, 16.10.1d, 16.10.1e, 16.10.1f, 16.10.1g, 16.10.1s, 16.10.2 (+382 more)

Exploitability: AV:N, AC:L, PR:L, UI:N
Scope: S:C
Impact: C:N, I:N, A:H
CVSS score: 7.7 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H)