[c-nsp] https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-x4LPhte Is vulnerability pre or post ACL?
Drew Weaver
drew.weaver at thenap.com
Fri Sep 26 09:24:24 EDT 2025
Sorry to reply to myself but the actual community string properly ACL'd would be:
snmp-server community YourVerySecureCommunityString RO ipv6 BLOCK_SNMP 60
I was typing out the original message off the top of my head so I forgot to block ipv6 in this fictional scenario.
Thanks,
-Drew
-----Original Message-----
From: cisco-nsp <cisco-nsp-bounces at puck.nether.net> On Behalf Of Drew Weaver via cisco-nsp
Sent: Friday, September 26, 2025 9:13 AM
To: 'cisco-nsp at puck.nether.net' <cisco-nsp at puck.nether.net>
Subject: [c-nsp] https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-x4LPhte Is vulnerability pre or post ACL?
Howdy,
I'm reviewing this vulnerability for IOS:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-x4LPhte
In the advisory it doesn't seem to mention whether the code execution happens pre or post the application of the ACL?
Consider this example:
snmp-server community YourVerySecureCommunityString RO 60
I assume that the ACL blocking access to hosts other than the NMS would be enough to prevent this from being super widely exploitable but it's IOS so I am thinking in IOS terms.
Anyone have any details on that?
Thanks,
-Drew
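
Added example (not part of the original messages or of Cisco's advisory): a small Python check that flags `snmp-server community` lines in a saved IOS configuration that lack an IPv4 ACL or an `ipv6` ACL, the omission corrected in the reply above. The token order is assumed from the IOS command syntax shown in the code comment; the sample configuration and the name `ExampleNoAclString` are constructed.

```python
"""Flag IOS 'snmp-server community' lines that lack an IPv4 or IPv6 ACL."""

# Assumed syntax (IOS command reference):
#   snmp-server community <string> [view <name>] [ro|rw] [ipv6 <nacl>] [<acl>]

def parse_community(line):
    """Parse one config line; return a dict, or None if it is another command."""
    tok = line.split()
    if len(tok) < 3 or tok[:2] != ["snmp-server", "community"]:
        return None
    entry = {"view": None, "mode": None, "ipv4_acl": None, "ipv6_acl": None}
    i = 3  # tok[2] is the community string itself; it is never stored
    while i < len(tok):
        word = tok[i].lower()
        if word in ("view", "ipv6") and i + 1 < len(tok):
            entry["view" if word == "view" else "ipv6_acl"] = tok[i + 1]
            i += 2
        elif word in ("ro", "rw"):
            entry["mode"] = word
            i += 1
        else:
            entry["ipv4_acl"] = tok[i]  # bare number or name is the IPv4 ACL
            i += 1
    return entry

def audit(config_text):
    """Return [(line_number, [missing address families])] for weak lines."""
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), start=1):
        entry = parse_community(raw.strip())
        if entry is None:
            continue
        missing = [family for family, key in
                   (("IPv4", "ipv4_acl"), ("IPv6", "ipv6_acl"))
                   if entry[key] is None]
        if missing:
            findings.append((lineno, missing))
    return findings

# Constructed sample: the two lines from the thread plus one with no ACL.
SAMPLE = """\
snmp-server community YourVerySecureCommunityString RO 60
snmp-server community YourVerySecureCommunityString RO ipv6 BLOCK_SNMP 60
snmp-server community ExampleNoAclString RO
snmp-server location constructed-lab
"""

if __name__ == "__main__":
    for lineno, missing in audit(SAMPLE):
        print(f"line {lineno}: no {' or '.join(missing)} ACL on community")
```

Findings are reported by line number rather than by community string so the output can be shared without exposing the strings.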