| VID |
29035 |
| Severity |
40 |
| Port |
161 |
| Protocol |
UDP |
| Class |
CISCO |
| Detailed Description |
The Cisco Non-IOS Device has a malformed SNMP message-handling vulnerabilities (Cisco bug ID CSCdw67458). These vulnerabilities can be repeatedly exploited to produce a Denial of Service (DoS) attack. When the vulnerabilities are exploited, they can cause an affected Cisco product to crash and reload.
* Note: This check solely relied on the version number of the remote system to assess this vulnerability, so this might be a false positive. This check also requires a read access SNMP community string to collect the version number. To provide this access, add the valid community string to the check item, "snmp/guessable/r" from the Policy Editor.
* References:
http://www.cisco.com/warp/public/707/cisco-malformed-snmp-msgs-non-ios-pub.shtml
http://online.securityfocus.com/archive/1/255807
http://www.cert.org/advisories/CA-2002-03.html
* Platforms Affected:
See the Cisco Security Advisory in 'References' above. |
| Recommendation |
Upgrade to the fixed version. The first available fixed release for Catalyst 4000, Catalyst 5000, Catalyst 6000 Family is :
7.1(2), 7.1(1a), 6.3(5), 6.3(4a), 6.3(3a), 6.3(2a), 6.3(1a), 6.3(3)X1, 6.2(3a), 6.2(2a), 6.2(1a), 6.1(4b), 6.1(3a), 6.1(2a), 6.1(1e), 5.5(13a), 5.5(12a), 5.5(11a), 5.5(10a), 5.5(7a), 5.4(4a), 5.4(2a), 5.3(6a)CSX, 5.2(7a), 5.2(3a)CSX, 5.1(2b), 5.1(1a)CSX, 4.5(13a), 4.5(12a), 4.5(6a)
In all cases, customers should exercise caution to confirm that the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new software release.
As a workaround, apply IP Permit List for SNMP to enable access to the switch's management interface only from the network management workstations. For instructions on how to do this, please refer to http://www.cisco.com/univercd/cc/td/doc/product/lan/cat5000/rel_6_3/config/ip_perm.htm.
For details, see http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml |
| Related URL |
CVE-2002-0012,CVE-2002-0013 (CVE) |
| Related URL |
4088 (SecurityFocus) |
| Related URL |
8177 (ISS) |
|
