CVE-2017-3859

🗓️ 22 Mar 2017 19:00:00Reported by ciscoType

A vulnerability in Cisco ASR 920 Series Aggregation Services Routers may cause a denial of service (DoS) by remotely causing a device reload due to a format string vulnerability in the DHCP code for Zero Touch Provisioning feature

Reporter	Title	Published	Views	Family All 11
BDU FSTEC	The vulnerability of the Cisco IOS operating system’s DHCP service allows a attacker to trigger a device reboot and a service failure.	18 May 201700:00	–	bdu_fstec
Cisco	Cisco IOS XE Software for Cisco ASR 920 Series Routers Zero Touch Provisioning Denial of Service Vulnerability	22 Mar 201716:00	–	cisco
Tenable Nessus	Cisco IOS XE for Cisco ASR 920 Series Routers Zero Touch Provisioning DoS (cisco-sa-20170322-ztp)	29 Mar 201700:00	–	nessus
CNVD	Cisco IOS XE Software for Cisco ASR 920 Series Routers Denial of Service Vulnerability	23 Mar 201700:00	–	cnvd
CVE	CVE-2017-3859	22 Mar 201719:00	–	cve
EUVD	EUVD-2017-12976	7 Oct 202500:30	–	euvd
NVD	CVE-2017-3859	22 Mar 201719:59	–	nvd
OpenVAS	Cisco IOS XE Software for Cisco ASR 920 Series Routers Zero Touch Provisioning Denial of Service Vulnerability	23 Mar 201700:00	–	openvas
OSV	CVE-2017-3859	22 Mar 201719:59	–	osv
Prion	Format string	22 Mar 201719:59	–	prion

[
  {
    "product": "Cisco IOS XE Software for Cisco ASR 920 Series Routers",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Cisco IOS XE Software for Cisco ASR 920 Series Routers"
      }
    ]
  }
]

Source	Link
securityfocus	www.securityfocus.com/bid/97008
securitytracker	www.securitytracker.com/id/1038104
tools	www.tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170322-ztp

11 Jul 2017 09:57Current

7.6High risk

Vulners AI Score7.6

EPSS0.00344

CWE-134