Vulnerable Products:
At the time of publication, this vulnerability affected all releases of Cisco IOS and IOS XE Software if the SNMPv3 feature was configured.
See the Details section in the bug ID(s) at the top of this advisory for the most complete and current information.

Determine the Device Configuration

To determine if a device has an affected configuration, use the mapping table in the Details section of this advisory. If the length of the configuration line exceeds 255 characters, the device is affected.
Administrators can also check the output of show snmp user username to see if the access-list name is defined as expected. For example, an administrator could configure a device as follows:
Router# configure terminal
Router(config)#snmp-server user SNMP256 SNMPV3_READ v3 auth sha auth1234567890xxxxx priv aes 256 encr1234567890xxxxx access ACL-EXAMPLE-ALLOW_SNMP
Router(config)#end
Router#show snmp user SNMP256
User name: SNMP256
Engine ID: 80000009030074A2E6831A01
storage-type: nonvolatile active access-list: ACL-EXAMPLE-ALLOW_SNMP
Authentication Protocol: SHA
Privacy Protocol: AES256
Group-name: SNMPV3_READ
Router#
In the preceding example, everything appears normal, and the system would function correctly. However, if the system reloaded, the administrator would see the following output when running the same command after startup:
Router#show snmp user SNMP256
User name: SNMP256
Engine ID: 80000009030074A2E6831A01
storage-type: nonvolatile active access-list: ACL-EXAMPLE-ALLOW_S
Authentication Protocol: SHA
Privacy Protocol: AES256
Group-name: SNMPV3_READ
Router#
In the preceding example, the access control list (ACL) name has been truncated. Because the ACL name does not exist in the configuration, it will not be enforced, leaving the SNMPv3 user without an ACL.

Products Confirmed Not Vulnerable:
Only products listed in the Vulnerable Products section of this advisory...
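The show snmp user check described under Determine the Device Configuration can be run across saved command output. The following is an added example, not part of the advisory or any Cisco tooling: it reports SNMPv3 users whose displayed access-list name is not defined in the configuration. The running-config excerpt, the function names, and the prefix match used to suggest the intended ACL are assumptions.

```python
import re

# Constructed inputs: the advisory's post-reload "show snmp user" output and
# an assumed running-config excerpt (ACL contents are illustrative only).
SHOW_SNMP_USER = """\
User name: SNMP256
Engine ID: 80000009030074A2E6831A01
storage-type: nonvolatile        active access-list: ACL-EXAMPLE-ALLOW_S
Authentication Protocol: SHA
Privacy Protocol: AES256
Group-name: SNMPV3_READ
"""
RUNNING_CONFIG = """\
ip access-list standard ACL-EXAMPLE-ALLOW_SNMP
 permit 192.0.2.0 0.0.0.255
access-list 10 permit 198.51.100.7
"""

def snmp_user_acls(show_output):
    """Map each SNMPv3 user name to the access-list name shown for it (or None)."""
    users, current = {}, None
    for line in show_output.splitlines():
        if m := re.match(r"\s*User name:\s*(\S+)", line):
            current = m.group(1)
            users[current] = None
        elif current and (m := re.search(r"access-list:\s*(\S+)", line)):
            users[current] = m.group(1)
    return users

def defined_acls(config):
    """Collect named and numbered ACLs defined in the configuration text."""
    pat = r"^(?:ip access-list (?:standard|extended) (\S+)|ipv6 access-list (\S+)|access-list (\d+) )"
    return {next(g for g in m.groups() if g) for m in re.finditer(pat, config, re.M)}

def unenforced_users(show_output, config):
    """Return (user, shown_acl, likely_intended_acls) for ACL names that do not exist."""
    acls = defined_acls(config)
    findings = []
    for user, acl in snmp_user_acls(show_output).items():
        if acl and acl not in acls:
            # A missing name that is a prefix of a defined ACL suggests truncation.
            findings.append((user, acl, sorted(a for a in acls if a.startswith(acl))))
    return findings

if __name__ == "__main__":
    for user, acl, intended in unenforced_users(SHOW_SNMP_USER, RUNNING_CONFIG):
        print(f"{user}: ACL '{acl}' is not defined; possibly truncated from {intended}")
```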
CVSS 3.1 Base Score: 4.3
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N