Cisco IOS Software UBR Devices SNMP Subsystem Denial of Service Vulnerability

A vulnerability in the SNMP subsystem of Cisco Universal Broadband Router devices could allow an authenticated, remote attacker to cause a crash of the Parallel Express Forwarding (PXF) process on the Performance Routing Engine (PRE) module.

The vulnerability is due to a memory leak that occurs when certain values in docsIfMCmtsMib are polled via SNMP. An attacker who can authenticate and submit SNMP requests to an affected device could poll the affected element at a high rate and quickly exhaust process memory, resulting in a crash.

Cisco has confirmed the vulnerability and released software updates.

To exploit this vulnerability, an attacker must authenticate to the targeted device. This access requirement decreases the likelihood of a successful exploit.

Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.