BugZero | Cisco BugID CSCwa72929 - SNMPv3 polling may fail using privacy algorithms A...

background buggy image

OPERATIONAL DEFECT DATABASE

...

Operational Defect Database

A free repository of operational (non-security) bugs centralized through custom integrations with leading IT vendors.

Product

Enterprise platform
Bug Scrub Advisor
Vendor Integrations

Company

Plans
Value Guide
About
Contact us

Resources

Blog
ServiceNow App
Trust Center
Risk Management
NIST
DORA

Operational Defect Database

A free repository of operational (non-security) bugs centralized through custom integrations with leading IT vendors.

Product

Enterprise platform
Bug Scrub Advisor
Vendor Integrations

Company

Plans
Value Guide
About
Contact us

Resources

Blog
ServiceNow App
Trust Center
Risk Management
NIST
DORA

©2025 BugZero. All Rights Reserved.

Privacy Policy Terms of Service

BugZero | Cisco BugID CSCwa72929 - SNMPv3 polling may fail using privacy algorithms A...

ODD
Cisco
CSCwa72929

Cisco - Defect ID: CSCwa72929

SNMPv3 polling may fail using privacy algorithms AES192/AES256

ODD
Cisco
CSCwa72929

Cisco - Defect ID: CSCwa72929

SNMPv3 polling may fail using privacy algorithms AES192/AES256

Last updated on September 30th, 2025

BugZero Risk Score
6.1 Medium

Overall: 6.1

Severity: 6.4

Lifecycle: 9.1

Popularity: 5.1

What is the BugZero Risk Score?

Cisco Integration

Learn more about where this data comes from

Cisco Integration

Bug Scrub Advisor

Streamline upgrades with automated vendor bug scrubs

Bug Scrub Advisor

BugZero Enterprise

Wish you caught this bug sooner? Get proactive today.

BugZero Enterprise

Bug Details

Description

Symptom

SNMPv3 polling may fail using privacy algorithms AES192 or AES256. The output of the "show snmp-server statistics" commands shows that the "SNMP packets input" counter increases, while the "SNMP packets output" does not. fpr(config)# show snmp-server statistics 177 SNMP packets input <============== Incoming packets 0 Bad SNMP version errors 0 Unknown community name 0 Illegal operation for community name supplied 0 Encoding errors 0 Number of requested variables 0 Number of altered variables 0 Get-request PDUs 0 Get-next PDUs 0 Get-bulk PDUs 0 Set-request PDUs (Not supported) 0 SNMP packets output <=========== 0 outgoing packets 0 Too big errors (Maximum packet size 1500) 0 No such name errors 0 Bad values errors 0 General errors 0 Response PDUs 0 Trap PDUs These clients are tested: Linux netsnmp version 5.9 with AES192/AES256 support. root@ub1:~/bugs# snmpwalk -V NET-SNMP version: 5.9 Windows SnmpSoft Snmpwalk v1.01.

Conditions

The symptoms are observed when using the authentication algorithm SHA with the privacy algorithms AES192 or AES256.

Workaround

Need to use AES128 or AES192c or AES256c to do snmp v3walk. ('c' indicates cisco mib/oids)

Further Problem Description

Change history

2025-07-16 Added: 9.14.1.15, 9.14.1.19, 9.14.1.30, 9.14.2, 9.14.2.13, 9.14.2.15, 9.14.2.4, 9.14.2.8, 9.14.3, 9.14.3.1, 9.14.3.11, 9.14.3.13, 9.14.3.15, 9.14.3.18, 9.14.3.9, 9.14.4, 9.14.4.12, 9.14.4.13, 9.14.4.14, 9.14.4.6, 9.14.4.7, 9.15.1, 9.15.1.1, 9.15.1.10, 9.15.1.15, 9.15.1.16, 9.15.1.17, 9.15.1.21, 9.15.1.7, 9.16.1, 9.16.1.28, 9.16.2, 9.16.2.11, 9.16.2.13, 9.16.2.14, 9.16.2.3, 9.16.2.7, 9.16.3, 9.16.3.14, 9.16.3.15, 9.16.3.19, 9.16.3.3, 9.17.1, 9.17.1.10, 9.17.1.11, 9.17.1.13, 9.17.1.15, 9.17.1.20, 9.17.1.30, 9.17.1.33, 9.17.1.39, 9.17.1.45, 9.17.1.46, 9.17.1.7, 9.17.1.9, 9.18.1, 9.18.1.3, 9.18.2

Relevant Products

Click on a version to see all relevant bugs

Affected versions:9.14.1.15, 9.14.1.19, 9.14.1.30, 9.14.2, 9.14.2.13, 9.14.2.15, 9.14.2.4, 9.14.2.8, 9.14.3, 9.14.3.1, 9.14.3.11, 9.14.3.13, 9.14.3.15, 9.14.3.18, 9.14.3.9, 9.14.4, 9.14.4.12, 9.14.4.13, 9.14.4.14, 9.14.4.6, 9.14.4.7, 9.15.1, 9.15.1.1, 9.15.1.10, 9.15.1.15, 9.15.1.16, 9.15.1.17, 9.15.1.21, 9.15.1.7, 9.16.1, 9.16.1.28, 9.16.2, 9.16.2.11, 9.16.2.13, 9.16.2.14, 9.16.2.3, 9.16.2.7, 9.16.3, 9.16.3.14, 9.16.3.15, 9.16.3.19, 9.16.3.3, 9.17.1, 9.17.1.10, 9.17.1.11, 9.17.1.13, 9.17.1.15, 9.17.1.20, 9.17.1.30, 9.17.1.33, 9.17.1.39, 9.17.1.45, 9.17.1.46, 9.17.1.7, 9.17.1.9, 9.18.1, 9.18.1.3, 9.18.2

Fixed versions: 9.14.4.15, 9.14.4.17, 9.14.4.22, 9.14.4.23, 9.14.4.24, 9.16.3.23, 9.16.4, 9.16.4.14, 9.16.4.18, 9.16.4.19, 9.16.4.27, 9.16.4.38, 9.16.4.39, 9.16.4.42, 9.16.4.48, 9.16.4.55, 9.16.4.57, 9.16.4.61, 9.16.4.62, 9.16.4.67, 9.16.4.70, 9.16.4.71, 9.16.4.76, 9.16.4.82, 9.16.4.84, 9.16.4.9, 9.18.2.5, 9.18.2.7, 9.18.2.8, 9.18.3, 9.18.3.39, 9.18.3.46, 9.18.3.53, 9.18.3.55, 9.18.3.56, 9.18.4, 9.18.4.22, 9.18.4.24, 9.18.4.29, 9.18.4.34, 9.18.4.40, 9.18.4.47, 9.18.4.5, 9.18.4.50, 9.18.4.52, 9.18.4.53, 9.18.4.57, 9.18.4.8, 9.19.1, 9.19.1.12, 9.19.1.18, 9.19.1.22, 9.19.1.24, 9.19.1.27, 9.19.1.28, 9.19.1.31, 9.19.1.37, 9.19.1.38, 9.19.1.42, 9.19.1.5, 9.19.1.9, 9.20.1, 9.20.1.5, 9.20.2, 9.20.2.10, 9.20.2.21, 9.20.2.22, 9.20.3, 9.20.3.10, 9.20.3.13, 9.20.3.16, 9.20.3.20, 9.20.3.4, 9.20.3.7, 9.20.3.9, 9.20.4, 9.22.1.1, 9.22.1.2, 9.22.1.3, 9.22.1.6, 9.22.2, 9.22.2.4, 9.22.2.9, 9.23.1, 9.23.1.3, 9.23.1.7

Relevant Products

Click on a version to see all relevant bugs

Affected versions:9.14.1.15, 9.14.1.19, 9.14.1.30, 9.14.2, 9.14.2.13, 9.14.2.15, 9.14.2.4, 9.14.2.8, 9.14.3, 9.14.3.1, 9.14.3.11, 9.14.3.13, 9.14.3.15, 9.14.3.18, 9.14.3.9, 9.14.4, 9.14.4.12, 9.14.4.13, 9.14.4.14, 9.14.4.6, 9.14.4.7, 9.15.1, 9.15.1.1, 9.15.1.10, 9.15.1.15, 9.15.1.16, 9.15.1.17, 9.15.1.21, 9.15.1.7, 9.16.1, 9.16.1.28, 9.16.2, 9.16.2.11, 9.16.2.13, 9.16.2.14, 9.16.2.3, 9.16.2.7, 9.16.3, 9.16.3.14, 9.16.3.15, 9.16.3.19, 9.16.3.3, 9.17.1, 9.17.1.10, 9.17.1.11, 9.17.1.13, 9.17.1.15, 9.17.1.20, 9.17.1.30, 9.17.1.33, 9.17.1.39, 9.17.1.45, 9.17.1.46, 9.17.1.7, 9.17.1.9, 9.18.1, 9.18.1.3, 9.18.2

Fixed versions: 9.14.4.15, 9.14.4.17, 9.14.4.22, 9.14.4.23, 9.14.4.24, 9.16.3.23, 9.16.4, 9.16.4.14, 9.16.4.18, 9.16.4.19, 9.16.4.27, 9.16.4.38, 9.16.4.39, 9.16.4.42, 9.16.4.48, 9.16.4.55, 9.16.4.57, 9.16.4.61, 9.16.4.62, 9.16.4.67, 9.16.4.70, 9.16.4.71, 9.16.4.76, 9.16.4.82, 9.16.4.84, 9.16.4.9, 9.18.2.5, 9.18.2.7, 9.18.2.8, 9.18.3, 9.18.3.39, 9.18.3.46, 9.18.3.53, 9.18.3.55, 9.18.3.56, 9.18.4, 9.18.4.22, 9.18.4.24, 9.18.4.29, 9.18.4.34, 9.18.4.40, 9.18.4.47, 9.18.4.5, 9.18.4.50, 9.18.4.52, 9.18.4.53, 9.18.4.57, 9.18.4.8, 9.19.1, 9.19.1.12, 9.19.1.18, 9.19.1.22, 9.19.1.24, 9.19.1.27, 9.19.1.28, 9.19.1.31, 9.19.1.37, 9.19.1.38, 9.19.1.42, 9.19.1.5, 9.19.1.9, 9.20.1, 9.20.1.5, 9.20.2, 9.20.2.10, 9.20.2.21, 9.20.2.22, 9.20.3, 9.20.3.10, 9.20.3.13, 9.20.3.16, 9.20.3.20, 9.20.3.4, 9.20.3.7, 9.20.3.9, 9.20.4, 9.22.1.1, 9.22.1.2, 9.22.1.3, 9.22.1.6, 9.22.2, 9.22.2.4, 9.22.2.9, 9.23.1, 9.23.1.3, 9.23.1.7

Top Cisco Defects

9.7Defect ID: CSCwq31287
Cisco IOS and IOS XE Software SNMP Denial of Service and Remote Code Execution Vulnerability
9.7Defect ID: CSCwd45843
Auth Step latency for policy evaluation due to Garbage Collection activity.
9.7Defect ID: CSCvx32806
Access Points stuck in bootloop due to image checksum verification failed
9.7Defect ID: CSCwq79831
Cisco Secure Firewall Adaptive Security Appliance Software and Secure Firewall Threat Defense Software VPN Web Server Remote Code Execution Vulnerability
9.7Defect ID: CSCwj73634
Full or partial 9800 configuration loss after HA SSO failover

Ready to prevent the next vendor outage?

Links

Original Vendor Announcement

Cisco Integration

Learn more about where this data comes from

Cisco Integration

Bug Scrub Advisor

Streamline upgrades with automated vendor bug scrubs

Bug Scrub Advisor

BugZero Enterprise

Wish you caught this bug sooner? Get proactive today.

BugZero Enterprise