PT-2025-39307 · Cisco · Cisco IOS XE +1

Published 2025-09-24 · Updated 2025-09-25 · CVE-2025-20352

CVSS v3.1: 7.7
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

**Name of the Vulnerable Software and Affected Versions**

Cisco IOS Software and Cisco IOS XE Software (affected versions not specified)

**Description**

A flaw in the Simple Network Management Protocol (SNMP) subsystem, caused by a stack overflow condition, can lead to denial of service (DoS) or remote code execution (RCE). An authenticated, remote attacker with low privileges could cause a DoS condition by sending a crafted SNMP packet. An attacker with high privileges could execute code as the root user, gaining full control of the system. The crafted SNMP packet can be sent over IPv4 or IPv6 networks. Exploitation requires the SNMPv1 or v2c read-only community string or valid SNMPv3 user credentials. The vulnerability is actively being exploited in the wild.

**Recommendations**

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS · RCE · Stack Overflow

**Related Identifiers**

CVE-2025-20352

**Affected Products**

Cisco IOS
Cisco IOS XE