Drew Weaver via cisco-nsp wrote on 26/09/2025 14:13:
> I assume that the ACL blocking access to hosts other than the NMS
> would be enough to prevent this from being super widely exploitable
> but it's IOS so I am thinking in IOS terms.

The description says that you need to be authenticated before being able
to exploit this particular vuln. I.e. you need an snmp community or
snmpv3 username / password to make this work.

Having said that:

1. the "Workarounds" section doesn't include SNMP ACLs as a mitigation
   measure

2. it's possible to retrieve an snmp engineid on several different
   xe/nxos platforms without authentication, even if there's an ACL in
   place (check out the "snmp-info.nse" script in nmap for this particular
   hilarity). This suggests - but doesn't prove - that ACLs are handled
   inside the IOS snmp engine, and that they are applied some time after
   incoming snmp datagrams are parsed.

This isn't an answer to your question, but if I had concerns about
people having snmp credentials, I'd be thinking hard about an upgrade to
a fixed version.

Nick
_______________________________________________
cisco-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
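
Added example, not part of the original thread: a small decoder showing what the engineID mentioned in point 2 discloses once it has been returned to an unauthenticated sender, following the SnmpEngineID layout in RFC 3411. The function name, the one-entry vendor table and the sample engineID values are constructed for illustration.

```python
import ipaddress

# Constructed one-entry subset of the IANA enterprise numbers; 9 is ciscoSystems.
ENTERPRISES = {9: "ciscoSystems"}


def decode_engine_id(raw: bytes) -> dict:
    """Decode an SnmpEngineID (RFC 3411 textual convention) into its fields."""
    if not 5 <= len(raw) <= 32:
        raise ValueError("SnmpEngineID must be 5..32 octets")
    head = int.from_bytes(raw[:4], "big")
    pen = head & 0x7FFFFFFF  # low 31 bits: enterprise number
    out = {"enterprise": pen, "vendor": ENTERPRISES.get(pen, "unknown")}
    if not head & 0x80000000:
        # High bit clear: pre-SNMPv3 layout, remainder is enterprise-defined.
        out.update(format="legacy", value=raw[4:].hex())
        return out
    fmt, data = raw[4], raw[5:]
    if fmt == 1 and len(data) == 4:
        out.update(format="ipv4", value=str(ipaddress.IPv4Address(data)))
    elif fmt == 2 and len(data) == 16:
        out.update(format="ipv6", value=str(ipaddress.IPv6Address(data)))
    elif fmt == 3 and len(data) == 6:
        out.update(format="mac", value=":".join(f"{b:02x}" for b in data))
    elif fmt == 4:
        out.update(format="text", value=data.decode("ascii", "replace"))
    else:
        # Format 5 (octets), reserved or enterprise-specific formats.
        out.update(format=f"other({fmt})", value=data.hex())
    return out


if __name__ == "__main__":
    # Constructed engineIDs using documentation MAC and IPv4 ranges.
    for sample in ("800000090300005e005301", "8000000901c0000201"):
        print(sample, decode_engine_id(bytes.fromhex(sample)))
```

An engineID in MAC or IPv4 format identifies the vendor and a hardware or management address, which is worth knowing when deciding whether an SNMP ACL alone is an acceptable control.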