PT-2018-8648 · Cisco · Cisco IOS XE

Published: 2018-03-28 · Updated: 2019-10-09 · CVE-2018-0160

CVSS v2.0: 6.3 (Medium)

Vector: AV:N/AC:M/Au:S/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: Cisco IOS XE Software (affected versions not specified)
Description: A vulnerability in the Simple Network Management Protocol (SNMP) subsystem could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The issue is due to improper management of memory resources, referred to as a double free. An attacker could exploit this by sending crafted SNMP packets to an affected device, potentially causing it to reload. To exploit this via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string, while for SNMP Version 3, the attacker must know the user credentials. This affects Cisco devices running a vulnerable release of Cisco IOS XE Software, configured to be queried over SNMP, and with Network Address Translation (NAT) enabled.
Recommendations: To address this vulnerability, apply the software updates released by Cisco that fix the issue. As a temporary workaround, consider restricting access to SNMP or disabling NAT on affected devices until a patch is applied. Avoid using SNMP Version 2c or earlier with default or easily guessable read-only community strings. For SNMP Version 3, ensure strong user credentials are used to prevent unauthorized access.
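The exposure conditions named in the description (SNMP configured and NAT enabled) and the "restrict access to SNMP" workaround can be checked offline against a saved running-config. The following is an added example, not code from Cisco or from this advisory; the sample configuration is constructed, the function names are hypothetical, and the check says nothing about whether the installed release is a vulnerable one.

```python
import re

# Constructed IOS XE running-config fragment (not from a real device).
SAMPLE_EXPOSED = """\
interface GigabitEthernet0/0/0
 ip address 192.0.2.1 255.255.255.0
 ip nat outside
interface GigabitEthernet0/0/1
 ip address 10.0.0.1 255.255.255.0
 ip nat inside
snmp-server community EXAMPLE-RO RO
"""
# Same fragment with the community bound to standard ACL 10.
SAMPLE_RESTRICTED = SAMPLE_EXPOSED.replace(" RO\n", " RO 10\n")


def community_acl(tokens):
    """Return the ACL bound to a 'snmp-server community' line, or None."""
    acl, i = None, 0
    while i < len(tokens):
        word = tokens[i].lower()
        if word == "view":             # keyword followed by a view name
            i += 2
        elif word in ("ro", "rw"):     # access-mode keyword
            i += 1
        else:                          # what remains is the ACL number/name
            acl, i = tokens[i], i + 1
    return acl


def audit(config):
    """Check the advisory's exposure conditions in a running-config."""
    nat = snmp = False
    no_acl_lines = []  # line numbers only, so community strings are not echoed
    for lineno, raw in enumerate(config.splitlines(), start=1):
        line = raw.strip()
        if re.match(r"ip nat (inside|outside)\b", line):
            nat = True
        elif line.startswith("snmp-server community "):
            snmp = True
            if community_acl(line.split()[3:]) is None:
                no_acl_lines.append(lineno)
        elif line.startswith("snmp-server group "):
            snmp = True  # SNMPv3 group configured
    return {"nat": nat, "snmp": snmp,
            "preconditions_met": nat and snmp,
            "community_without_acl": no_acl_lines}
```

A device that reports `preconditions_met` still needs the fixed software; an ACL on the community only narrows which hosts can send SNMP queries to it.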

Fix

DoS

Double Free

Weakness Enumeration

Related identifiers

CVE-2018-0160

Affected products

Cisco IOS XE