Cisco IOS XR Software SNMP Management Plane Protection ACL Bypass Vulnerability

A vulnerability in the Local Packet Transport Services (LPTS) programming of SNMP with the management plane protection feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to connect to the SNMP server of an affected device even though management plane protection is configured to deny that access.

This vulnerability is due to incorrect LPTS programming when using SNMP with management plane protection. An attacker could exploit this vulnerability by connecting to an affected device using SNMP. A successful exploit could allow the attacker to connect to the device on the configured SNMP ports. Valid credentials are required to execute any of the SNMP requests.

Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-7MKrW7Nq

Security Impact Rating: Medium

CVE: CVE-2021-1243


Configuration Sync/Propagation and GSLB Metrics Exchange Might Fail After Upgrade to 13.0 64.x/12.1 61.x

Citrix ADC software version 13.0 build 64.x and later, and version 12.1 build 61.x and later have Secure RPC enabled by default. After upgrading to one of these versions from an older version, you may experience issues with configuration synchronization and propagation and/or GSLB metrics exchange (MEP) between ADC appliances which are configured to use HA, Clustering, or GSLB.

The two issues that may occur are:

Issue #1: Configuration synchronization and/or GSLB metrics exchange fail due to being blocked by firewalls:

  • Non-secure configuration synchronization and propagation for HA, clustering and GSLB communicate on TCP port 3010. In secure mode, this changes to TCP port 3008.

  • Non-secure GSLB Metrics Exchange Protocol (MEP) communicates on TCP port 3011. In secure mode, this changes to TCP port 3009.

Issue #2: Configuration synchronization and/or GSLB metrics exchange fail due to difference in RPC mode configuration on different ADCs:

  • All appliances participating in an HA, Clustered, or GSLB configuration must use the same RPC method (secure or non-secure). Synchronization failures and GSLB MEP failures will occur if some ADCs are configured with secure RPC and other ADCs are configured with non-secure RPC.

  • ADCs running software versions older than 13.0 build 64.x or 12.1 build 61.x may still be configured to use non-secure RPC.

Note that both issues may occur simultaneously, and if so, multiple steps may be required to resolve both issues.
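The following added example (not Citrix code) checks a peer group for both issues at once, using the port numbers stated above. The `Node` inventory, the `diagnose` helper, and the single `fw_allowed` port set standing in for the firewall policy between peers are assumptions made for illustration.

```python
from dataclasses import dataclass

# TCP ports from the article, keyed by secure-RPC mode (False = non-secure).
PORTS = {"sync": {False: 3010, True: 3008}, "mep": {False: 3011, True: 3009}}

@dataclass(frozen=True)
class Node:
    name: str
    secure_rpc: bool   # RPC mode configured on this appliance
    uses_gslb: bool    # True if the node takes part in GSLB metrics exchange

def required_ports(node):
    """TCP ports peers must reach on this node, given its RPC mode."""
    ports = {PORTS["sync"][node.secure_rpc]}
    if node.uses_gslb:
        ports.add(PORTS["mep"][node.secure_rpc])
    return ports

def diagnose(nodes, fw_allowed):
    """Return findings for one HA, cluster, or GSLB peer group.

    fw_allowed is the set of TCP ports the firewalls permit between peers
    (a simplification: one policy for the whole group).
    """
    findings = []
    # Issue #2: every member must use the same RPC method.
    if len({n.secure_rpc for n in nodes}) > 1:
        secure = sorted(n.name for n in nodes if n.secure_rpc)
        plain = sorted(n.name for n in nodes if not n.secure_rpc)
        findings.append(("rpc-mode-mismatch", secure, plain))
    # Issue #1: ports for the configured mode must pass the firewall.
    for n in nodes:
        blocked = sorted(required_ports(n) - fw_allowed)
        if blocked:
            findings.append(("firewall-blocked", n.name, blocked))
    return findings

# Constructed sample: adc-a was upgraded (secure RPC on by default),
# adc-b still runs an older build, and the firewall only allows legacy ports.
SAMPLE_NODES = [Node("adc-a", True, True), Node("adc-b", False, True)]
SAMPLE_FW = {3010, 3011}

if __name__ == "__main__":
    for finding in diagnose(SAMPLE_NODES, SAMPLE_FW):
        print(finding)
```

With the constructed sample both issues are reported together, which matches the note that resolving them may take more than one step.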
