Sign-up

ID

VAR-201702-0791


CVE

CVE-2017-3824


TITLE

Cisco cBR series Converged Broadband Service disruption in routers (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2017-001619

DESCRIPTION

A vulnerability in the handling of list headers in Cisco cBR Series Converged Broadband Routers could allow an unauthenticated, remote attacker to cause the device to reload, resulting in a denial of service (DoS) condition. Cisco cBR-8 Converged Broadband Routers running vulnerable versions of Cisco IOS XE are affected. More Information: CSCux40637. Known Affected Releases: 15.5(3)S 15.6(1)S. Known Fixed Releases: 15.5(3)S2 15.6(1)S1 15.6(2)S 15.6(2)SP 16.4(1). ( Reload device ) There are vulnerabilities that are put into a state. Vendors have confirmed this vulnerability Bug ID CSCux40637 It is released as.Remote attacker could disrupt service operation ( Reload device ) There is a possibility of being put into a state. CiscocBRSeriesConvergedBroadbandRouters is a router device. CiscocBRSeriesConvergedBroadbandRouters handles security holes in the list header field, allowing remote attackers to exploit vulnerabilities to submit special requests for denial of service attacks. Attackers can exploit this issue to cause a denial-of-service condition, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCux40637. The platform supports the application of software-defined networking (SDN) and virtualization technologies to virtualize, integrate and automate cable operators' access architectures and more

Trust: 2.52

sources: NVD: CVE-2017-3824 // JVNDB: JVNDB-2017-001619 // CNVD: CNVD-2017-01195 // BID: 95937 // VULHUB: VHN-112027

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-01195

AFFECTED PRODUCTS

vendor:ciscomodel:ios xescope:eqversion:3.16.1

Trust: 2.5

vendor:ciscomodel:ios xescope:eqversion:3.17.0

Trust: 1.6

vendor:ciscomodel:ios xescope:eqversion:3.16.0

Trust: 1.6

vendor:ciscomodel:cbr-8scope:eqversion:0

Trust: 0.9

vendor:ciscomodel:ios xescope:eqversion:3.17

Trust: 0.9

vendor:ciscomodel:ios xescope:eqversion:3.16

Trust: 0.9

vendor:ciscomodel:cbr-8 converged broadband routerscope: - version: -

Trust: 0.8

vendor:ciscomodel:ios xescope: - version: -

Trust: 0.8

sources: CNVD: CNVD-2017-01195 // BID: 95937 // JVNDB: JVNDB-2017-001619 // CNNVD: CNNVD-201702-013 // NVD: CVE-2017-3824

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-3824
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-3824
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-01195
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201702-013
value: MEDIUM

Trust: 0.6

VULHUB: VHN-112027
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-3824
severity: MEDIUM
baseScore: 5.4
vectorString: AV:N/AC:H/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 4.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-01195
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-112027
severity: MEDIUM
baseScore: 5.4
vectorString: AV:N/AC:H/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 4.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-3824
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 4.0
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-01195 // VULHUB: VHN-112027 // JVNDB: JVNDB-2017-001619 // CNNVD: CNNVD-201702-013 // NVD: CVE-2017-3824

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-112027 // JVNDB: JVNDB-2017-001619 // NVD: CVE-2017-3824

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201702-013

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201702-013

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-001619

PATCH
title:cisco-sa-20170201-cbrurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-cbr
Trust: 0.8
title:CiscocBRSeriesConvergedBroadbandRouters Denial of Service Vulnerability Patchurl:https://www.cnvd.org.cn/patchInfo/show/89172
Trust: 0.6
title:Cisco cBR-8 Converged Broadband Routers Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=67403
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-01195 // 
            
            
            
            JVNDB: JVNDB-2017-001619 // 
            
            
            
            CNNVD: CNNVD-201702-013

EXTERNAL IDS
db:NVDid:CVE-2017-3824
Trust: 3.4
db:BIDid:95937
Trust: 2.0
db:SECTRACKid:1037774
Trust: 1.1
db:JVNDBid:JVNDB-2017-001619
Trust: 0.8
db:CNNVDid:CNNVD-201702-013
Trust: 0.7
db:CNVDid:CNVD-2017-01195
Trust: 0.6
db:VULHUBid:VHN-112027
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-01195 // 
            
            
            
            VULHUB: VHN-112027 // 
            
            
            
            BID: 95937 // 
            
            
            
            JVNDB: JVNDB-2017-001619 // 
            
            
            
            CNNVD: CNNVD-201702-013 // 
            
            
            
            NVD: CVE-2017-3824

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170201-cbr
Trust: 2.6
url:http://www.securityfocus.com/bid/95937
Trust: 1.1
url:http://www.securitytracker.com/id/1037774
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3824
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-3824
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2017-01195 // 
            
            
            
            VULHUB: VHN-112027 // 
            
            
            
            BID: 95937 // 
            
            
            
            JVNDB: JVNDB-2017-001619 // 
            
            
            
            CNNVD: CNNVD-201702-013 // 
            
            
            
            NVD: CVE-2017-3824

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 95937

SOURCES
db:CNVDid:CNVD-2017-01195
db:VULHUBid:VHN-112027
db:BIDid:95937
db:JVNDBid:JVNDB-2017-001619
db:CNNVDid:CNNVD-201702-013
db:NVDid:CVE-2017-3824

LAST UPDATE DATE
2024-11-23T22:07:38.696000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-01195date:2017-02-10T00:00:00
db:VULHUBid:VHN-112027date:2017-07-25T00:00:00
db:BIDid:95937date:2017-02-02T00:09:00
db:JVNDBid:JVNDB-2017-001619date:2017-03-09T00:00:00
db:CNNVDid:CNNVD-201702-013date:2017-02-08T00:00:00
db:NVDid:CVE-2017-3824date:2024-11-21T03:26:11.287

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-01195date:2017-02-10T00:00:00
db:VULHUBid:VHN-112027date:2017-02-03T00:00:00
db:BIDid:95937date:2017-02-01T00:00:00
db:JVNDBid:JVNDB-2017-001619date:2017-03-09T00:00:00
db:CNNVDid:CNNVD-201702-013date:2017-02-08T00:00:00
db:NVDid:CVE-2017-3824date:2017-02-03T07:59:00.920