Vulnerability in Cisco devices actively exploited

Systems using SNMPv1 or SNMPv2, directly connected to the internet, whose default community strings have not been modified, are highly likely to be successfully attacked, allowing attackers to take full control of the system. These systems must be patched immediately.
‍
Systems using SNMPv3, whose community strings have been modified, or that are not directly connected to the internet are slightly less at risk but should also be patched as soon as possible.

More than 2 million Cisco devices are potentially vulnerable and exposed to the internet via SNMP, nearly 32,000 of which are in the Netherlands.

‍

Cisco has released software updates that address this vulnerability. No workarounds are available. Organizations are advised to upgrade to a patched version as soon as possible, as described in Cisco's advisory.

In addition, it is possible to disable the specific Object IDs affected by this vulnerability, but this may also impact SNMP functionality. This is also described in Cisco's advisory.

Furthermore, it is recommended to:

- Switch to SNMPv3, which is generally more secure than v1 and v2.

- Restrict SNMP access to trusted networks.

- Avoid using default community strings when using SNMPv1 and SNMPv2.

‍

• Cisco IOS and IOS XE Software SNMPDenial of Service and Remote Code Execution Vulnerability

‍