Lucene search

[email protected]CVE-2017-3859

HistoryMar 22, 2017 - 7:59 p.m.

CVE-2017-3859

2017-03-2219:59:00

CWE-134

[email protected]

web.nvd.nist.gov

cisco

asr 920

dhcp

zero touch provisioning

vulnerability

cve-2017-3859

cisco bug ids

format string vulnerability

dos

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.004 Low

EPSS

Percentile

72.2%

JSON

A vulnerability in the DHCP code for the Zero Touch Provisioning feature of Cisco ASR 920 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a format string vulnerability when processing a crafted DHCP packet for Zero Touch Provisioning. An attacker could exploit this vulnerability by sending a specially crafted DHCP packet to an affected device. An exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition. This vulnerability affects Cisco ASR 920 Series Aggregation Services Routers that are running an affected release of Cisco IOS XE Software (3.13 through 3.18) and are listening on the DHCP server port. By default, the devices do not listen on the DHCP server port. Cisco Bug IDs: CSCuy56385.

Affected configurations

NVD

Node

ciscoios_xeMatch3.13.4s

ciscoios_xeMatch3.13.5as

ciscoios_xeMatch3.13.5s

ciscoios_xeMatch3.13.6as

ciscoios_xeMatch3.13.6s

ciscoios_xeMatch3.14.3s

ciscoios_xeMatch3.14.4s

ciscoios_xeMatch3.15.2s

ciscoios_xeMatch3.15.3s

ciscoios_xeMatch3.15.4s

ciscoios_xeMatch3.16.0cs

ciscoios_xeMatch3.16.0s

ciscoios_xeMatch3.16.1as

ciscoios_xeMatch3.16.1s

ciscoios_xeMatch3.16.2as

ciscoios_xeMatch3.16.2bs

ciscoios_xeMatch3.16.2s

ciscoios_xeMatch3.16.3as

ciscoios_xeMatch3.16.3s

ciscoios_xeMatch3.17.0s

ciscoios_xeMatch3.17.1as

ciscoios_xeMatch3.17.1s

ciscoios_xeMatch3.17.2s

ciscoios_xeMatch3.18.0as

ciscoios_xeMatch3.18.0s

ciscoios_xeMatch3.18.0sp

ciscoios_xeMatch3.18.1asp

ciscoios_xeMatch3.18.1bsp

ciscoios_xeMatch3.18.1csp

ciscoios_xeMatch3.18.1s

ciscoios_xeMatch3.18.1sp

ciscoios_xeMatch3.18.2s

ciscoios_xeMatch3.18.3vs

AND

ciscoasr-920-12cz-aMatch-

ciscoasr-920-12cz-dMatch-

ciscoasr-920-12sz-imMatch-

ciscoasr-920-24sz-imMatch-

ciscoasr-920-24sz-mMatch-

ciscoasr-920-24tz-mMatch-

ciscoasr-920-4sz-aMatch-

ciscoasr-920-4sz-dMatch-

CPENameOperatorVersion
cisco:ios_xecisco ios xeeq3.13.4s
cisco:ios_xecisco ios xeeq3.13.5as
cisco:ios_xecisco ios xeeq3.13.5s
cisco:ios_xecisco ios xeeq3.13.6as
cisco:ios_xecisco ios xeeq3.13.6s
cisco:ios_xecisco ios xeeq3.14.3s
cisco:ios_xecisco ios xeeq3.14.4s
cisco:ios_xecisco ios xeeq3.15.2s
cisco:ios_xecisco ios xeeq3.15.3s
cisco:ios_xecisco ios xeeq3.15.4s

CPE	Name	Operator	Version
cisco:ios_xe	cisco ios xe	eq	3.13.4s
cisco:ios_xe	cisco ios xe	eq	3.13.5as
cisco:ios_xe	cisco ios xe	eq	3.13.5s
cisco:ios_xe	cisco ios xe	eq	3.13.6as
cisco:ios_xe	cisco ios xe	eq	3.13.6s
cisco:ios_xe	cisco ios xe	eq	3.14.3s
cisco:ios_xe	cisco ios xe	eq	3.14.4s
cisco:ios_xe	cisco ios xe	eq	3.15.2s
cisco:ios_xe	cisco ios xe	eq	3.15.3s
cisco:ios_xe	cisco ios xe	eq	3.15.4s

Rows per page:

1-10 of 331

CNA Affected

[
  {
    "product": "Cisco IOS XE Software for Cisco ASR 920 Series Routers",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Cisco IOS XE Software for Cisco ASR 920 Series Routers"
      }
    ]
  }
]