Symptom
A vulnerability in SNMP processing of Cisco IOS XR could allow an authenticated, remote attacker to cause a reload of the SNMPd process on the affected
device.
The vulnerability is due to improper parsing of a malformed SNMP packet. An attacker could exploit this vulnerability by sending a malformed SNMP packet to be processed by an affected device. An exploit could allow the attacker to cause a reload of the SNMPd process on the affected device.
Conditions
SNMPd configured.
Workaround
None.
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 4/3.8:
http://tools.cisco.com/security/center/cvssCalculator.x?vector=AV:N/AC:L/Au:S/C:N/I:N/A:P/E:F/RL:U/RC:C&version=2.0
CVE ID CVE-2015-0661 has been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
Further Problem Description
affects all platforms and releases if SNMP configured
