CVE-2017-3820

Name of the Vulnerable Software and Affected Versions Cisco ASR 1000 Series Aggregation Services Routers versions 3.13.6S through 3.17.1S Cisco ASR 1000 Series Aggregation Services Routers version 15.5(3)S2.1 Cisco ASR 1000 Series Aggregation Services Routers version 15.6(1)S1.1

Description A vulnerability in Simple Network Management Protocol (SNMP) functions could allow an authenticated, remote attacker to cause high CPU usage on an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to an incorrect initialized variable. An attacker could exploit this vulnerability by performing SNMP polling on MIBs and using only Interface Index (ifIndex) values. A successful exploit could allow the attacker to increase CPU usage to 99% on an affected device and cause a DoS condition.

Recommendations For Cisco ASR 1000 Series Aggregation Services Routers version 15.5(3)S2.1, update to version 15.5(3)S2.2 or later. For Cisco ASR 1000 Series Aggregation Services Routers version 15.6(1)S1.1, update to version 15.6(1)S2 or later. For Cisco ASR 1000 Series Aggregation Services Routers versions 3.13.6S through 3.17.1S, update to a fixed release, such as 15.4(3)S6.1, 15.4(3)S6.2, 15.5(3)S2.2, 15.5(3)S3, 15.6(0.22)S0.23, 15.6(1)S2, or 16.2(0.295).