Resource management error in Cisco cBR-8 Converged Broadband and Cisco IOS XE

#VU56840 Resource management error in Cisco cBR-8 Converged Broadband and Cisco IOS XE

Published: 2021-09-23

Vulnerability identifier: #VU56840

Vulnerability risk: Medium

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1623

CWE-ID: CWE-399

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Cisco cBR-8 Converged Broadband
Hardware solutions / Routers & switches, VoIP, GSM, etc
Cisco IOS XE
Operating systems & Components / Operating system

Vendor: Cisco Systems, Inc

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources in the Simple Network Management Protocol (SNMP) punt handling function. A remote authenticated attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Cisco cBR-8 Converged Broadband: All versions

Cisco IOS XE: 16.12 - 16.12.1

External links
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cbr8snmp-zGjkZ9Fc

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Denial of service in Cisco IOS XE Software for Cisco cBR-8 Converged Broadband Routers