Details of VAR-201701-0729

ID

VAR-201701-0729

CVE

CVE-2017-3804

TITLE

plural Cisco Nexus Switch software IS-IS Protocol packet handling device reload vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-001375

DESCRIPTION

A vulnerability in Intermediate System-to-Intermediate System (IS-IS) protocol packet processing of Cisco Nexus 5000, 6000, and 7000 Series Switches software could allow an unauthenticated, adjacent attacker to cause a reload of the affected device. Switches in the FabricPath domain crash because of an __inst_001__isis_fabricpath hap reset when processing a crafted link-state packet. More Information: CSCvc45002. Known Affected Releases: 7.1(3)N1(2.1) 7.1(3)N1(3.12) 7.3(2)N1(0.296) 8.0(1)S2. Known Fixed Releases: 6.2(18)S11 7.0(3)I5(1.170) 7.0(3)I5(2) 7.1(4)N1(0.4) 7.1(4)N1(1b) 7.1(5)N1(0.986) 7.1(5)N1(1) 7.2(3)D1(0.8) 7.3(2)N1(0.304) 7.3(2)N1(1) 8.0(0.96)S0 8.0(1) 8.0(1)E1 8.0(1)S4 8.3(0)CV(0.788). Vendors have confirmed this vulnerability Bug ID CSCvc45002 It is released as.An attacker could reload the device. The Cisco Nexus 7000 Series Switches help create the network infrastructure needed for next-generation unified array data centers. A denial of service vulnerability exists in multiple Cisco Nexus devices. This issue is being tracked by Cisco bug ID CSCvc45002. Cisco Nexus 5000, 6000 and 7000 Series Switches are all switch products of Cisco (Cisco)

Trust: 2.52

sources: NVD: CVE-2017-3804 // JVNDB: JVNDB-2017-001375 // CNVD: CNVD-2017-00876 // BID: 95638 // VULHUB: VHN-112007

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-00876

AFFECTED PRODUCTS

vendor:	cisco	model:	nx-os	scope:	eq	version:	7.1\(3\)n1\(3.12\)	Trust: 1.6
vendor:	cisco	model:	nx-os	scope:	eq	version:	7.1\(3\)n1\(2.1\)	Trust: 1.6
vendor:	cisco	model:	nx-os	scope:	eq	version:	8.0\(1\)s2	Trust: 1.6
vendor:	cisco	model:	nx-os	scope:	eq	version:	7.3\(2\)n1\(0.296\)	Trust: 1.6
vendor:	cisco	model:	nx-os	scope:	eq	version:	7.1(3)n1(282.1)	Trust: 0.8
vendor:	cisco	model:	nx-os	scope:	eq	version:	7.1(3)n1(283.12)	Trust: 0.8
vendor:	cisco	model:	nx-os	scope:	eq	version:	7.3(2)n1(280.296)	Trust: 0.8
vendor:	cisco	model:	nx-os	scope:	eq	version:	8.0(1)n1(281)s2	Trust: 0.8
vendor:	cisco	model:	nexus series switches	scope:	eq	version:	7000	Trust: 0.6
vendor:	cisco	model:	nexus series switches	scope:	eq	version:	5000	Trust: 0.6
vendor:	cisco	model:	nexus series switches	scope:	eq	version:	6000	Trust: 0.6
vendor:	cisco	model:	nexus	scope:	eq	version:	70000	Trust: 0.3
vendor:	cisco	model:	nexus	scope:	eq	version:	60000	Trust: 0.3
vendor:	cisco	model:	nexus	scope:	eq	version:	50000	Trust: 0.3

sources: CNVD: CNVD-2017-00876 // BID: 95638 // JVNDB: JVNDB-2017-001375 // CNNVD: CNNVD-201701-785 // NVD: CVE-2017-3804

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-3804
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-3804
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2017-00876
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201701-785
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-112007
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-3804
severity:	MEDIUM
baseScore:	5.7
vectorString:	AV:A/AC:M/AU:N/C:N/I:N/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	5.5
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-00876
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:A/AC:H/AU:N/C:N/I:N/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.2
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-112007
severity:	MEDIUM
baseScore:	5.7
vectorString:	AV:A/AC:M/AU:N/C:N/I:N/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	5.5
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-3804
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector:	ADJACENT
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	1.6
impactScore:	4.0
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2017-00876 // VULHUB: VHN-112007 // JVNDB: JVNDB-2017-001375 // CNNVD: CNNVD-201701-785 // NVD: CVE-2017-3804

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-399	Trust: 0.9

sources: VULHUB: VHN-112007 // JVNDB: JVNDB-2017-001375 // NVD: CVE-2017-3804

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201701-785

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201701-785

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-001375

PATCH

title:	cisco-sa-20170118-nexus	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-nexus	Trust: 0.8
title:	Patch for multiple Cisco Nexus device denial of service vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/88553	Trust: 0.6
title:	Cisco Nexus 5000 , 6000 and 7000 Series Switches Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=67343	Trust: 0.6

sources: CNVD: CNVD-2017-00876 // JVNDB: JVNDB-2017-001375 // CNNVD: CNNVD-201701-785

EXTERNAL IDS

db:	NVD	id:	CVE-2017-3804	Trust: 3.4
db:	BID	id:	95638	Trust: 2.6
db:	SECTRACK	id:	1037658	Trust: 2.3
db:	JVNDB	id:	JVNDB-2017-001375	Trust: 0.8
db:	CNNVD	id:	CNNVD-201701-785	Trust: 0.7
db:	CNVD	id:	CNVD-2017-00876	Trust: 0.6
db:	VULHUB	id:	VHN-112007	Trust: 0.1

sources: CNVD: CNVD-2017-00876 // VULHUB: VHN-112007 // BID: 95638 // JVNDB: JVNDB-2017-001375 // CNNVD: CNNVD-201701-785 // NVD: CVE-2017-3804

REFERENCES

url:	http://www.securityfocus.com/bid/95638	Trust: 2.3
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170118-nexus	Trust: 2.0
url:	http://www.securitytracker.com/id/1037658	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3804	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-3804	Trust: 0.8
url:	http://securitytracker.com/id/1037658	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3

sources: CNVD: CNVD-2017-00876 // VULHUB: VHN-112007 // BID: 95638 // JVNDB: JVNDB-2017-001375 // CNNVD: CNNVD-201701-785 // NVD: CVE-2017-3804

CREDITS

Cisco

Trust: 0.9

sources: BID: 95638 // CNNVD: CNNVD-201701-785

SOURCES

db:	CNVD	id:	CNVD-2017-00876
db:	VULHUB	id:	VHN-112007
db:	BID	id:	95638
db:	JVNDB	id:	JVNDB-2017-001375
db:	CNNVD	id:	CNNVD-201701-785
db:	NVD	id:	CVE-2017-3804

LAST UPDATE DATE

2024-11-23T22:45:47.232000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-00876	date:	2017-02-04T00:00:00
db:	VULHUB	id:	VHN-112007	date:	2019-10-03T00:00:00
db:	BID	id:	95638	date:	2017-01-23T02:11:00
db:	JVNDB	id:	JVNDB-2017-001375	date:	2017-02-08T00:00:00
db:	CNNVD	id:	CNNVD-201701-785	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2017-3804	date:	2024-11-21T03:26:08.910

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-00876	date:	2017-02-04T00:00:00
db:	VULHUB	id:	VHN-112007	date:	2017-01-26T00:00:00
db:	BID	id:	95638	date:	2017-01-18T00:00:00
db:	JVNDB	id:	JVNDB-2017-001375	date:	2017-02-08T00:00:00
db:	CNNVD	id:	CNNVD-201701-785	date:	2017-01-20T00:00:00
db:	NVD	id:	CVE-2017-3804	date:	2017-01-26T07:59:00.623