Sign-up

ID

VAR-201703-0889


CVE

CVE-2017-3878


TITLE

Cisco Nexus 9000 Runs on a series switch Cisco NX-OS Software Telnet Service operation interruption in remote login function (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2017-002464

DESCRIPTION

A Denial of Service vulnerability in the Telnet remote login functionality of Cisco NX-OS Software running on Cisco Nexus 9000 Series Switches could allow an unauthenticated, remote attacker to cause a Telnet process used for login to terminate unexpectedly and the login attempt to fail. There is no impact to user traffic flowing through the device. Affected Products: This vulnerability affects Cisco Nexus 9000 Series Switches that are running Cisco NX-OS Software and are configured to allow remote Telnet connections to the device. More Information: CSCux46778. Known Affected Releases: 7.0(3)I3(0.170). Known Fixed Releases: 7.0(3)I3(1) 7.0(3)I3(0.257) 7.0(3)I3(0.255) 7.0(3)I2(2e) 7.0(3)F1(1.22) 7.0(3)F1(1). Vendors have confirmed this vulnerability Bug ID CSCux46778 It is released as.Remote attacker could disrupt service operation (DoS) There is a possibility of being put into a state. Cisco NX-OS is a data center-class operating system from Cisco Systems, Inc. that reflects modular design, resiliency, and maintainability. A denial of service vulnerability exists in Cisco NX-OSSoftware. An attacker could exploit this vulnerability to cause a denial of service and refuse to provide services to legitimate users. This issue is being tracked by Cisco bug ID CSCux46778. A remote attacker can interrupt the Telnet process

Trust: 2.52

sources: NVD: CVE-2017-3878 // JVNDB: JVNDB-2017-002464 // CNVD: CNVD-2017-03769 // BID: 96927 // VULHUB: VHN-112081

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-03769

AFFECTED PRODUCTS

vendor:ciscomodel:nx-osscope:eqversion:7.0\(3\)i3\(0.170\)

Trust: 1.6

vendor:ciscomodel:nexus series switchesscope:eqversion:90000

Trust: 0.9

vendor:ciscomodel:nx-os software 7.0 i3scope: - version: -

Trust: 0.9

vendor:ciscomodel:nx-os software 7.0 i3scope:neversion: -

Trust: 0.9

vendor:ciscomodel:nx-osscope: - version: -

Trust: 0.8

vendor:ciscomodel:nx-os software 7.0 f1scope:neversion: -

Trust: 0.6

vendor:ciscomodel:nx-os software 7.0 i2scope:neversion: -

Trust: 0.3

sources: CNVD: CNVD-2017-03769 // BID: 96927 // JVNDB: JVNDB-2017-002464 // CNNVD: CNNVD-201703-843 // NVD: CVE-2017-3878

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-3878
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-3878
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-03769
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201703-843
value: MEDIUM

Trust: 0.6

VULHUB: VHN-112081
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-3878
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-03769
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-112081
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-3878
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-03769 // VULHUB: VHN-112081 // JVNDB: JVNDB-2017-002464 // CNNVD: CNNVD-201703-843 // NVD: CVE-2017-3878

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-112081 // JVNDB: JVNDB-2017-002464 // NVD: CVE-2017-3878

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201703-843

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201703-843

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-002464

PATCH
title:cisco-sa-20170315-nssurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-nss
Trust: 0.8
title:Patch for Cisco NX-OSSoftware Denial of Service Vulnerability (CNVD-2017-03769)url:https://www.cnvd.org.cn/patchInfo/show/91344
Trust: 0.6
title:Cisco Nexus 9000 Series Switches NX-OS Software Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=68636
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-03769 // 
            
            
            
            JVNDB: JVNDB-2017-002464 // 
            
            
            
            CNNVD: CNNVD-201703-843

EXTERNAL IDS
db:NVDid:CVE-2017-3878
Trust: 3.4
db:BIDid:96927
Trust: 2.0
db:SECTRACKid:1038047
Trust: 1.1
db:JVNDBid:JVNDB-2017-002464
Trust: 0.8
db:CNNVDid:CNNVD-201703-843
Trust: 0.7
db:CNVDid:CNVD-2017-03769
Trust: 0.6
db:VULHUBid:VHN-112081
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-03769 // 
            
            
            
            VULHUB: VHN-112081 // 
            
            
            
            BID: 96927 // 
            
            
            
            JVNDB: JVNDB-2017-002464 // 
            
            
            
            CNNVD: CNNVD-201703-843 // 
            
            
            
            NVD: CVE-2017-3878

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170315-nss
Trust: 2.0
url:http://www.securityfocus.com/bid/96927
Trust: 1.7
url:http://www.securitytracker.com/id/1038047
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3878
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-3878
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2017-03769 // 
            
            
            
            VULHUB: VHN-112081 // 
            
            
            
            BID: 96927 // 
            
            
            
            JVNDB: JVNDB-2017-002464 // 
            
            
            
            CNNVD: CNNVD-201703-843 // 
            
            
            
            NVD: CVE-2017-3878

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 96927

SOURCES
db:CNVDid:CNVD-2017-03769
db:VULHUBid:VHN-112081
db:BIDid:96927
db:JVNDBid:JVNDB-2017-002464
db:CNNVDid:CNNVD-201703-843
db:NVDid:CVE-2017-3878

LAST UPDATE DATE
2024-11-23T22:18:03.730000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-03769date:2017-03-31T00:00:00
db:VULHUBid:VHN-112081date:2017-07-12T00:00:00
db:BIDid:96927date:2017-03-23T00:01:00
db:JVNDBid:JVNDB-2017-002464date:2017-04-14T00:00:00
db:CNNVDid:CNNVD-201703-843date:2017-03-21T00:00:00
db:NVDid:CVE-2017-3878date:2024-11-21T03:26:17.967

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-03769date:2017-03-31T00:00:00
db:VULHUBid:VHN-112081date:2017-03-17T00:00:00
db:BIDid:96927date:2017-03-15T00:00:00
db:JVNDBid:JVNDB-2017-002464date:2017-04-14T00:00:00
db:CNNVDid:CNNVD-201703-843date:2017-03-21T00:00:00
db:NVDid:CVE-2017-3878date:2017-03-17T22:59:00.547