Cisco IOS Software SNMP Read-Write ILMI Community String Vulnerability - Cisco Systems

This script is (C) 2010-2014 Tenable Network Security, Inc.


Synopsis :

The remote device is missing a vendor-supplied security patch.

Description :

Cisco IOS Software releases based on versions 11.x and 12.0 contain a
defect that allows a limited number of SNMP objects to be viewed and
modified without authorization using an undocumented ILMI community
string. Some of the modifiable objects are confined to the MIB-II
system group, such as "sysContact", "sysLocation", and "sysName";
these do not affect the device's normal operation but may cause
confusion if modified unexpectedly. The remaining objects are contained
in the LAN-EMULATION-CLIENT and PNNI MIBs, and modification of those
objects may affect ATM configuration. An affected device might be
vulnerable to a denial of service attack if it is not protected against
unauthorized use of the ILMI community string.

The vulnerability is only present in certain combinations of IOS
releases on Cisco routers and switches. ILMI is a necessary component
for ATM, and the vulnerability is present in every IOS release that
contains the supporting software for ATM and ILMI without regard to the
actual presence of an ATM interface or the physical ability of the
device to support an ATM connection.

To remove this vulnerability, Cisco is offering free software upgrades
for all affected platforms. The defect is documented in DDTS record
CSCdp11863.

In lieu of a software upgrade, a workaround can be applied to certain
IOS releases by disabling the ILMI community or "*ilmi" view and
applying an access list to prevent unauthorized access to SNMP. Any
affected system, regardless of software release, may be protected by
filtering SNMP traffic at a network perimeter or on individual devices.

See also :

http://www.nessus.org/u?2aaae497

Solution :

Apply the relevant patch referenced in Cisco Security Advisory
cisco-sa-20010227-ios-snmp-ilmi.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 4.3
(CVSS2#E:H/RL:OF/RC:C)
Public Exploit Available : true

Family: CISCO

Nessus Plugin ID: 48951 (cisco-sa-20010227-ios-snmp-ilmihttp.nasl)

Bugtraq ID: 2427

CVE ID: CVE-2001-0711