Checking for New SNMP Vulnerabilities

Cisco Systems recently announced a patch for a vulnerability in Simple Network Management Protocol (SNMP) functions of some Cisco routers. “This vulnerability could allow an authenticated, remote attacker to cause high CPU usage on an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to an incorrect initialized variable. An attacker could exploit this vulnerability by performing SNMP polling on MIBs and using only Interface Index (ifIndex) values. A successful exploit could allow the attacker to increase CPU usage to 99% on an affected device and cause a DoS condition.” 1

Whether or not you have Cisco routers, it is important to execute all the SNMP vulnerability tests in SilverCreek to verify that your SNMP agent is not vulnerable to attacks.

For this particular vulnerability, you can use the SilverCreek Memory Leak Tool to test your agent.

Start up SilverCreek and select an SNMP agent to test. Once SilverCreek has connected to the agent (device under test), start the Memory Leak Tool.

Select the ifIndex value to poll for one hour or more. No poll interval is needed; the Tool will send poll requests repeatedly.

The Memory Leak Tool will detect and print out the memory usage and cpu usage.

By continuously polling ifIndex variable, the agent will stop responding and the user should notice there is no response coming back because a DoS (Denial of Service) is triggered!

The results of this test will help you characterize the performance of your agent and its susceptibility to this particular vulnerability.

(1) Source: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-asrsnmp