When the SNMP process is polled with an unknown SNMPv3 username, the router responds with an error PDU indicating "unknown user name".
The issue is seen when SNMPv3 is used for polling and the poll uses an incorrect user name configuration. The device only needs to be configured with SNMPv2 or SNMPv3.
No workaround is available to stop the error PDU from being sent. Using an iACL or CPP to drop SNMP packets from untrusted sources prevents an untrusted source from receiving the information. The SNMP ACL does not prevent this packet from being returned to a device that is not in the SNMP ACL.
This was originally disclosed via Cisco bug ID CSCvg24686, and the issue came back into the code. After this fix there is no requirement for the CLI commands to be entered.
PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 4/3.8: http://tools.cisco.com/security/center/cvssCalculator.x?vector=AV:N/AC:L/Au:S/C:P/I:N/A:N/E:F/RL:U/RC:C&version=2.0
CVE ID CVE-2012-5719 has been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
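One way to check that the iACL filtering described above is effective, as an added example (not Cisco's code and not part of the original bug text): it decodes SNMPv3 datagrams sent by the device and lists destinations outside a trusted range that were sent a Report PDU carrying usmStatsUnknownUserNames. It assumes you already have (destination IP, UDP payload) pairs for traffic sourced from the device's UDP port 161; the function names, the trusted range and the sample packet are constructed for illustration.

```python
import ipaddress
# usmStatsUnknownUserNames.0 = 1.3.6.1.6.3.15.1.1.3.0 (BER-encoded OID body)
USM_UNKNOWN_USER = bytes.fromhex("2b060106030f01010300")
REPORT_PDU = 0xA8  # SNMP Report-PDU tag

def tlvs(buf):  # yield (tag, value) for each definite-length BER TLV in buf
    i = 0
    while i + 2 <= len(buf):
        tag, length = buf[i], buf[i + 1]
        i += 2
        if length & 0x80:  # long form: low 7 bits give the number of length bytes
            n = length & 0x7F
            length, i = int.from_bytes(buf[i:i + n], "big"), i + n
        yield tag, buf[i:i + length]
        i += length

def is_unknown_user_report(payload):
    """True if payload is a plaintext SNMPv3 Report for an unknown user name."""
    try:
        (tag, msg), = tlvs(payload)
        version, _hdr, _usm, scoped = tlvs(msg)
        if tag != 0x30 or version != (0x02, b"\x03") or scoped[0] != 0x30:
            return False
        _engine, _ctx, (pdu_tag, pdu) = tlvs(scoped[1])
        if pdu_tag != REPORT_PDU:
            return False
        varbinds = list(tlvs(pdu))[3][1]  # after request-id, error-status, error-index
        return any(next(tlvs(vb), None) == (0x06, USM_UNKNOWN_USER)
                   for _, vb in tlvs(varbinds))
    except (ValueError, IndexError):  # wrong field count or truncated message
        return False

def leaked_reports(packets, trusted):
    """Destinations outside `trusted` that were sent an unknown-user Report."""
    nets = [ipaddress.ip_network(n) for n in trusted]
    return [dst for dst, payload in packets if is_unknown_user_report(payload)
            and not any(ipaddress.ip_address(dst) in n for n in nets)]

def enc(tag, value=b""):  # short-form BER encoder, used only for the sample below
    return bytes([tag, len(value)]) + value

def sample_report(oid=USM_UNKNOWN_USER):
    """Constructed SNMPv3 Report (not a capture); engine ID and user are made up."""
    engine, num = enc(0x04, bytes.fromhex("8000000901")), lambda v: enc(0x02, bytes([v]))
    varbinds = enc(0x30, enc(0x30, enc(0x06, oid) + enc(0x41, b"\x01")))
    pdu = enc(REPORT_PDU, num(1) + num(0) + num(0) + varbinds)
    usm = enc(0x30, engine + num(1) + num(1) + enc(0x04, b"nosuchuser") + enc(0x04) * 2)
    hdr = enc(0x30, num(1) + enc(0x02, b"\x05\xdc") + enc(0x04, b"\x00") + num(3))
    return enc(0x30, num(3) + hdr + enc(0x04, usm) + enc(0x30, engine + enc(0x04) + pdu))
```

An empty result from `leaked_reports` over traffic captured on the device's upstream side indicates that no untrusted source received the report during the capture window.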