Sorry to reply to myself but the actual community string properly ACL'd would be:

snmp-server community YourVerySecureCommunityString RO ipv6 BLOCK_SNMP 60

I was typing out the original message off the top of my head so I forgot to block ipv6 in this fictional scenario.

Thanks,
-Drew

-----Original Message-----
From: cisco-nsp <[email protected]> On Behalf Of Drew Weaver via cisco-nsp
Sent: Friday, September 26, 2025 9:13 AM
To: '[email protected]' <[email protected]>
Subject: [c-nsp] https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-x4LPhte Is vulnerability pre or post ACL?

Howdy,

I'm reviewing this vulnerability for IOS:

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-x4LPhte

In the advisory it doesn't seem to mention whether the code execution happens pre or post the application of the ACL?

Consider this example:

snmp-server community YourVerySecureCommunityString RO 60

I assume that the ACL blocking access to hosts other than the NMS would be enough to prevent this from being super widely exploitable but it's IOS so I am thinking in IOS terms.

Anyone have any details on that?

Thanks,
-Drew
_______________________________________________
cisco-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
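
A config audit for the omission corrected in the reply above (a community line with an IPv4 ACL but no IPv6 ACL), as an added example that is not part of the original thread. It assumes the IOS form "snmp-server community <string> [view <name>] [ro|rw] [ipv6 <acl>] [<acl>]" and runs over constructed sample lines; the function names are hypothetical.

```python
# Constructed sample config; community strings and ACL names are placeholders.
SAMPLE_CONFIG = """\
snmp-server community ExampleOne RO 60
snmp-server community ExampleTwo RO ipv6 BLOCK_SNMP 60
snmp-server community ExampleThree view LIMITED RO
snmp-server community ExampleFour RW ipv6 BLOCK_SNMP
snmp-server location lab
"""


def parse_community(line):
    """Return the ACLs named on an 'snmp-server community' line, else None."""
    tokens = line.split()
    if len(tokens) < 3 or tokens[:2] != ["snmp-server", "community"]:
        return None
    entry = {"access": None, "view": None, "ipv4_acl": None, "ipv6_acl": None}
    rest = tokens[3:]  # tokens[2] is the community string; it is never echoed
    i = 0
    while i < len(rest):
        word = rest[i].lower()
        if word in ("view", "ipv6"):
            # Keyword followed by a name; a dangling keyword is ignored.
            if i + 1 < len(rest):
                entry["view" if word == "view" else "ipv6_acl"] = rest[i + 1]
            i += 2
        elif word in ("ro", "rw"):
            entry["access"] = word
            i += 1
        else:
            # Assumed form: a remaining bare token is the IPv4 ACL number or name.
            entry["ipv4_acl"] = rest[i]
            i += 1
    return entry


def audit(config_text):
    """List (line_number, missing_address_families) for each community line."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), start=1):
        entry = parse_community(line)
        if entry is None:
            continue
        missing = [fam for fam in ("ipv4", "ipv6") if entry[fam + "_acl"] is None]
        if missing:
            findings.append((lineno, missing))
    return findings


if __name__ == "__main__":
    for lineno, missing in audit(SAMPLE_CONFIG):
        print(f"line {lineno}: no {' or '.join(missing)} ACL on community")
```

The audit reports line numbers rather than community strings so its output can be shared without leaking them.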
