Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveCiscoCVE-2017-6615
HistoryApr 20, 2017 - 10:59 p.m.

CVE-2017-6615

2017-04-2022:59:00
CWE-125
CWE-399
CWE-362
cisco
web.nvd.nist.gov
32
cve-2017-6615
cisco
snmp
vulnerability
denial of service
dos
nvd
cisco bug id

CVSS2

6.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:N/I:N/A:C

CVSS3

6.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H

AI Score

6.3

Confidence

High

EPSS

0.002

Percentile

58.9%

JSON

A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS XE 3.16 could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a race condition that could occur when the affected software processes an SNMP read request that contains certain criteria for a specific object ID (OID) and an active crypto session is disconnected on an affected device. An attacker who can authenticate to an affected device could trigger this vulnerability by issuing an SNMP request for a specific OID on the device. A successful exploit will cause the device to restart due to an attempt to access an invalid memory region. The attacker does not control how or when crypto sessions are disconnected on the device. Cisco Bug IDs: CSCvb94392.

Affected configurations

Nvd
Node
ciscoios_xeMatch3.16.0cs
OR
ciscoios_xeMatch3.16.0s
OR
ciscoios_xeMatch3.16.1as
OR
ciscoios_xeMatch3.16.1s
OR
ciscoios_xeMatch3.16.2s
VendorProductVersionCPE
ciscoios_xe3.16.0cscpe:2.3:o:cisco:ios_xe:3.16.0cs:*:*:*:*:*:*:*
ciscoios_xe3.16.0scpe:2.3:o:cisco:ios_xe:3.16.0s:*:*:*:*:*:*:*
ciscoios_xe3.16.1ascpe:2.3:o:cisco:ios_xe:3.16.1as:*:*:*:*:*:*:*
ciscoios_xe3.16.1scpe:2.3:o:cisco:ios_xe:3.16.1s:*:*:*:*:*:*:*
ciscoios_xe3.16.2scpe:2.3:o:cisco:ios_xe:3.16.2s:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "Cisco IOS XE Software",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Cisco IOS XE Software"
      }
    ]
  }
]

Related

prion 1
openvas 1
cisco 1
nvd 1
cvelist 1
prion
prion
Race condition
2017-04-20 22:59:00
openvas
openvas
Cisco IOS XE Software Simple Network Management Protocol Subsystem Denial of Service Vulnerability
2017-04-20 00:00:00
cisco
cisco
Cisco IOS and IOS XE Software Simple Network Management Protocol Subsystem Denial of Service Vulnerability
2017-04-19 16:00:00
nvd
nvd
CVE-2017-6615
2017-04-20 22:59:00
cvelist
cvelist
CVE-2017-6615
2017-04-20 22:00:00

CVSS2

6.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:N/I:N/A:C

CVSS3

6.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H

AI Score

6.3

Confidence

High

EPSS

0.002

Percentile

58.9%

JSON
Related for CVE-2017-6615
prion1openvas1cisco1nvd1cvelist1