Details of VAR-201702-0787

ID

VAR-201702-0787

CVE

CVE-2017-3820

TITLE

Cisco IOS XE Works ASR 1000 Series Aggregation Service Router SNMP In function CPU Vulnerabilities that cause heavy use of

Trust: 0.8

sources: JVNDB: JVNDB-2017-001723

DESCRIPTION

A vulnerability in Simple Network Management Protocol (SNMP) functions of Cisco ASR 1000 Series Aggregation Services Routers running Cisco IOS XE Software Release 3.13.6S, 3.16.2S, or 3.17.1S could allow an authenticated, remote attacker to cause high CPU usage on an affected device, resulting in a denial of service (DoS) condition. More Information: CSCux68796. Known Affected Releases: 15.5(3)S2.1 15.6(1)S1.1. Known Fixed Releases: 15.4(3)S6.1 15.4(3)S6.2 15.5(3)S2.2 15.5(3)S3 15.6(0.22)S0.23 15.6(1)S2 16.2(0.295) 16.3(0.94) 15.5.3S3. CiscoASR1000SeriesAggregationServicesRoutersrunningCiscoIOSXESoftware is a set of operating systems running on the ASR1000 series routers from Cisco. Cisco IOSXESoftware's \342\200\230SimpleNetworkManagementProtocol(SNMP)\342\200\231 function in Cisco ASR1000Series AggregationServicesRouters has a security vulnerability. This issue is being tracked by Cisco Bug ID CSCux68796. The following versions are affected: Cisco IOS XE Software Release 3.13.6S, 3.16.2S, 3.17.1S

Trust: 2.52

sources: NVD: CVE-2017-3820 // JVNDB: JVNDB-2017-001723 // CNVD: CNVD-2017-01168 // BID: 95934 // VULHUB: VHN-112023

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-01168

AFFECTED PRODUCTS

vendor:	cisco	model:	ios xe	scope:	eq	version:	3.17.1s	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.16.2s	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.13.6s	Trust: 1.6
vendor:	cisco	model:	ios xe software 3.17.1s	scope:	-	version:	-	Trust: 0.9
vendor:	cisco	model:	ios xe software 3.16.2s	scope:	-	version:	-	Trust: 0.9
vendor:	cisco	model:	ios xe software 3.13.6s	scope:	-	version:	-	Trust: 0.9
vendor:	cisco	model:	ios xe	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	asr series routers	scope:	eq	version:	1000	Trust: 0.6
vendor:	cisco	model:	asr series routers	scope:	eq	version:	10000	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.17.2s	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.16.3s	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios xe software 3.13.7s	scope:	ne	version:	-	Trust: 0.3

sources: CNVD: CNVD-2017-01168 // BID: 95934 // JVNDB: JVNDB-2017-001723 // CNNVD: CNNVD-201702-015 // NVD: CVE-2017-3820

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-3820
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-3820
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2017-01168
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201702-015
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-112023
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-3820
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-01168
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-112023
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-3820
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2017-01168 // VULHUB: VHN-112023 // JVNDB: JVNDB-2017-001723 // CNNVD: CNNVD-201702-015 // NVD: CVE-2017-3820

PROBLEMTYPE DATA

problemtype:	CWE-665	Trust: 1.1
problemtype:	CWE-399	Trust: 0.9

sources: VULHUB: VHN-112023 // JVNDB: JVNDB-2017-001723 // NVD: CVE-2017-3820

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201702-015

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201702-015

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-001723

PATCH

title:	cisco-sa-20170201-asrsnmp	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-asrsnmp	Trust: 0.8
title:	Patch for CiscoASR1000SeriesRouters Denial of Service Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/88870	Trust: 0.6
title:	Cisco ASR 1000 Series Aggregation Services Routers Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=67405	Trust: 0.6

sources: CNVD: CNVD-2017-01168 // JVNDB: JVNDB-2017-001723 // CNNVD: CNNVD-201702-015

EXTERNAL IDS

db:	NVD	id:	CVE-2017-3820	Trust: 3.4
db:	BID	id:	95934	Trust: 2.6
db:	SECTRACK	id:	1037770	Trust: 1.7
db:	JVNDB	id:	JVNDB-2017-001723	Trust: 0.8
db:	CNNVD	id:	CNNVD-201702-015	Trust: 0.7
db:	CNVD	id:	CNVD-2017-01168	Trust: 0.6
db:	VULHUB	id:	VHN-112023	Trust: 0.1

sources: CNVD: CNVD-2017-01168 // VULHUB: VHN-112023 // BID: 95934 // JVNDB: JVNDB-2017-001723 // CNNVD: CNNVD-201702-015 // NVD: CVE-2017-3820

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170201-asrsnmp	Trust: 2.6
url:	http://www.securityfocus.com/bid/95934	Trust: 1.7
url:	http://www.securitytracker.com/id/1037770	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3820	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-3820	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: CNVD: CNVD-2017-01168 // VULHUB: VHN-112023 // BID: 95934 // JVNDB: JVNDB-2017-001723 // CNNVD: CNNVD-201702-015 // NVD: CVE-2017-3820

CREDITS

Cisco

Trust: 0.3

sources: BID: 95934

SOURCES

db:	CNVD	id:	CNVD-2017-01168
db:	VULHUB	id:	VHN-112023
db:	BID	id:	95934
db:	JVNDB	id:	JVNDB-2017-001723
db:	CNNVD	id:	CNNVD-201702-015
db:	NVD	id:	CVE-2017-3820

LAST UPDATE DATE

2024-11-23T22:49:08.515000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-01168	date:	2017-02-09T00:00:00
db:	VULHUB	id:	VHN-112023	date:	2019-10-03T00:00:00
db:	BID	id:	95934	date:	2017-02-02T00:09:00
db:	JVNDB	id:	JVNDB-2017-001723	date:	2017-03-15T00:00:00
db:	CNNVD	id:	CNNVD-201702-015	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2017-3820	date:	2024-11-21T03:26:10.800

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-01168	date:	2017-02-09T00:00:00
db:	VULHUB	id:	VHN-112023	date:	2017-02-03T00:00:00
db:	BID	id:	95934	date:	2017-02-01T00:00:00
db:	JVNDB	id:	JVNDB-2017-001723	date:	2017-03-15T00:00:00
db:	CNNVD	id:	CNNVD-201702-015	date:	2017-02-04T00:00:00
db:	NVD	id:	CVE-2017-3820	date:	2017-02-03T07:59:00.857