Stories
Slash Boxes
Comments

SoylentNews is people

posted by Fnord666 on Saturday July 15 2017, @07:04PM   Printer-friendly
from the patchwork dept.

Arthur T Knackerbracket has found the following story:

Cisco has patched nine serious remote code execution vulnerabilities in the SNMP subsystem running in its IOS and IOS XE software. The vulnerabilities had been publicly disclosed.

Cisco notified users of the availability of patches after releasing its initial advisory on the matter on June 29, warning of the public disclosure as well as providing workarounds.

All releases of Cisco IOS and IOS XE software are affected, as are all versions of SNMP (1, 2c and 3), the company said. A request for comment from Cisco on the source of the public disclosures was not returned in time for publication.

Nine buffer overflow vulnerabilities (CVE-2017-6736-CVE-2017-6744) were patched, each allowing a remote attacker without authentication to use specially crafted SNMP packets to exploit the flaws and either execute code remotely or cause a system to reload, Cisco said.

Systems running SNMP version 2c or earlier can be exploited only if an attacker knows the SNMP read-only community string for the particular system. For SNMP version 3, an attacker would have to have credentials for a targeted system to carry out an attack.

"A successful exploit could allow the attacker to execute arbitrary code and obtain full control of the affected system or cause the affected system to reload," Cisco said in its advisory.

-- submitted from IRC


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by kaszz on Sunday July 16 2017, @01:24AM (1 child)

    by kaszz (4211) on Sunday July 16 2017, @01:24AM (#539733) Journal

    Aha.. a real bug as opposed to the agency sponsored ones? :-)

    This must be fixed. Moaahr H1B me very good + "I must get into management"....

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2  
  • (Score: 0) by Anonymous Coward on Sunday July 16 2017, @04:42PM

    by Anonymous Coward on Sunday July 16 2017, @04:42PM (#539931)

    do the needfull.