A Denial-of-Service (DoS) vulnerability has been discovered in the Cisco Firepower 4100 Series, Firepower 9300 Security Appliances, and UCS 6300 Series Fabric Interconnects that could allow an authenticated, remote attacker to cause a denial-of-service condition on any affected device.
The flaw is caused by improper handling of SNMP (Simple Network Management Protocol) requests.
A threat actor can exploit this vulnerability by sending a crafted SNMP request to a vulnerable device, causing this DoS condition. Successful exploitation causes the vulnerable device to reload, making the service unavailable.
However, there are prerequisites for an attacker to exploit this vulnerability over SNMPv2c or earlier.
The attacker must know the SNMP community string, which acts as a user ID or password for accessing the router’s statistics.
CVE-2023-20200: Cisco SNMP Denial of Service Vulnerability
In addition, to exploit this vulnerability over SNMPv3, the attacker requires valid credentials for an SNMP user configured on the affected device.
The vulnerability has been assigned CVE-2023-20200 and has a severity of 7.7 (High).
Furthermore, Cisco has released a security advisory for this vulnerability, including a list of vulnerable and non-vulnerable products.
Cisco confirmed that Cisco FXOS software releases 2.4.1 and later are not vulnerable to this DoS attack. Cisco has also provided steps to check the SNMP status of the device.
The Cisco Firepower 4100 Series, Firepower 9300 Security Appliances, and UCS 6300 Series Fabric Interconnects have SNMP enabled by default in vulnerable versions. However, current releases have SNMP disabled by default.
According to Cisco, no workarounds have been found for this vulnerability. Cisco has also released a software check feature on its security advisory, which users can use to detect if their version of the product is vulnerable to exploitation.
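As an added example (not code from Cisco or from the original article), the following Python triages an asset inventory against the conditions stated above: product family, FXOS release relative to 2.4.1, and whether SNMP is enabled. The inventory field names, the family labels, the sample records, and the treatment of a bracketed version string such as 2.3(1.73) as release 2.3.1 are assumptions.

```python
import re

# Families the article lists as affected (inventory is assumed to use these labels).
FXOS_FAMILIES = {"Firepower 4100 Series", "Firepower 9300"}
UCS_FAMILY = "UCS 6300 Series"
FIRST_SAFE_FXOS = (2, 4, 1)  # article: FXOS 2.4.1 and later are not vulnerable


def parse_fxos_version(text):
    """Return (major, minor, maintenance) from '2.4.1' or '2.3(1.73)', else None."""
    m = re.match(r"\s*(\d+)\.(\d+)[.(](\d+)", text or "")
    return tuple(int(g) for g in m.groups()) if m else None


def triage(device):
    """Classify one inventory record against the conditions the article states."""
    family = device.get("family")
    if family == UCS_FAMILY:
        return "check-advisory"  # article gives no fixed release for UCS
    if family not in FXOS_FAMILIES:
        return "not-listed"
    version = parse_fxos_version(device.get("fxos_version"))
    if version is None:
        return "review"  # unreadable version: decide by hand
    if version >= FIRST_SAFE_FXOS:  # tuple compare, so 2.10.x sorts after 2.4.x
        return "not-vulnerable"
    if device.get("snmp_enabled") is False:
        return "vulnerable-snmp-off"  # affected release, SNMP not answering now
    return "exposed"  # SNMP on, or unknown (affected releases default to on)


def report(inventory):
    """Map device name -> triage status."""
    return {d["name"]: triage(d) for d in inventory}


# Constructed sample inventory, not data from the article.
INVENTORY = [
    {"name": "fw-a", "family": "Firepower 4100 Series", "fxos_version": "2.3(1.73)", "snmp_enabled": True},
    {"name": "fw-b", "family": "Firepower 9300", "fxos_version": "2.2.2", "snmp_enabled": False},
    {"name": "fw-c", "family": "Firepower 4100 Series", "fxos_version": "2.10(1.159)", "snmp_enabled": True},
    {"name": "fw-d", "family": "Firepower 9300", "fxos_version": "unknown", "snmp_enabled": None},
    {"name": "fi-a", "family": "UCS 6300 Series", "snmp_enabled": True},
]

if __name__ == "__main__":
    for name, status in report(INVENTORY).items():
        print(f"{name}: {status}")
```

Devices reported as "exposed" are the ones to upgrade first; "vulnerable-snmp-off" devices still run an affected release and become exposed if SNMP is turned back on.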
Source: https://cybersecuritynews.com/cisco-fxos-snmp-service-flaw/