PT-2017-17186 · Cisco · Cisco IOS XE

Published: 2017-04-19 · Updated: 2019-10-03 · CVE-2017-6615

CVSS v2.0: 6.3 (Medium)

Vector: AV:N/AC:M/Au:S/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: Cisco IOS XE version 3.16
Description: A vulnerability in the Simple Network Management Protocol (SNMP) subsystem could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The issue is due to a race condition that occurs when the affected software processes an SNMP read request containing certain criteria for a specific object ID (OID) and an active crypto session is disconnected on the affected device. An attacker who can authenticate to the device could trigger this issue by issuing an SNMP request for a specific OID, causing the device to restart due to an attempt to access an invalid memory region.
Recommendations: For Cisco IOS XE version 3.16, update the software to a version that fixes the issue, as there are no workarounds that address this vulnerability. As a temporary measure until the update is applied, consider restricting access to the SNMP subsystem to minimize the risk of exploitation.

Fix

DoS

Race Condition

Out of bounds Read

Weakness Enumeration

Related Identifiers

CVE-2017-6615

Affected Products

Cisco IOS XE