Details of VAR-201703-0898

ID

VAR-201703-0898

CVE

CVE-2017-3856

TITLE

Cisco IOS XE Resource management vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-002700

DESCRIPTION

A vulnerability in the web user interface of Cisco IOS XE 3.1 through 3.17 could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to insufficient resource handling by the affected software when the web user interface is under a high load. An attacker could exploit this vulnerability by sending a high number of requests to the web user interface of the affected software. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. To exploit this vulnerability, the attacker must have access to the management interface of the affected software, which is typically connected to a restricted management network. This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS XE Software, if the web user interface of the software is enabled. By default, the web user interface is not enabled. Cisco Bug IDs: CSCup70353. Vendors have confirmed this vulnerability Bug ID CSCup70353 It is released as.Service operation interruption (DoS) An attack may be carried out. Cisco IOSXESoftware is an operating system developed by Cisco Systems for its network devices

Trust: 2.61

sources: NVD: CVE-2017-3856 // JVNDB: JVNDB-2017-002700 // CNVD: CNVD-2017-04987 // BID: 97007 // VULHUB: VHN-112059 // VULMON: CVE-2017-3856

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-04987

AFFECTED PRODUCTS

vendor:	cisco	model:	ios xe	scope:	eq	version:	3.13.1s	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.13.3s	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.14.0s	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.13.2s	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.13s	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.14.1s	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.13.4s	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.13.0as	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.13.0s	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.13.2as	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.4.8sg	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.7e	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.2.1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.8.2s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.5e	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.7.1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.6.1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.4.3s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.3.1xo	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.2.3sg	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.3.0xo	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.14s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.5.2e	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.5.2sq	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.6.2ae	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.5.3e	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.6.5be	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.10.4s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.8ex	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.12.0as	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.3.2sg	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.7.4e	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.5.1e	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.3.1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.5s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.14.4s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.11.1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.3sq	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.5sq	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.3se	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.7.3e	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.4.3sg	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.3.5se	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.7.2ts	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.10.5s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.2.0sg	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.10.1xbs	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.8s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.8.2e	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.11.3s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.2.0xo	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.7.0s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.7.2s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.11.0s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.6.4e	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.16.0s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.6.5e	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.7.0e	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.4.0sg	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.3.0sq	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.4.2sg	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.5.0e	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.7.7s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.5.0s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.7.2e	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.1.2s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.10.6s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.7.0bs	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.12s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.3sg	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.1.1sg	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.2.0ja	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.8.0e	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.2.2s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.4.5sg	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.11.4s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.9.0s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.15.1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.1.0s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.17.1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.17.1as	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.4s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.3.1se	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.3.1sg	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.15s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.6s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.2.5sg	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.6.0s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.4sg	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.12.1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.7.4s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.2.1se	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.10.7s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.17.3s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.5.1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.1sg	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.2.1xo	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.3.1sq	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.2.3se	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.8.0ex	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.6.3e	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.4.0s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.16.1as	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.4.6s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.9.0e	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.2.9sg	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.3.2s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.9s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.16.1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.10.0s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.3s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.5.3sq	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.15.0s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.4.0sq	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.2.0se	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.10.2s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.16.0cs	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.4.7sg	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.1.4as	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.2.8sg	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.10.2ts	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.2.1sg	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.8e	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.15.2s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.4.6sg	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.2sg	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.12.4s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.1.1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.3xo	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.4.1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.17.2s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.8.0s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.6.5ae	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.2.4sg	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.7.1e	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.9e	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.3.0sg	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.4.1sg	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.2s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.1.3as	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.1.3s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.10.8s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.12.0s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.5.1sq	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.3.3se	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.2xo	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.2ja	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.8.1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.11s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.3.2xo	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.3.2se	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.5.4sq	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.3.4se	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.9.2s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.1.0sg	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.2.7sg	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.2se	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.4.5s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.6.0e	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.5.0sq	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.2.2se	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.4.4sg	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.9.1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.12.2s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.2.2sg	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.16s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.11.2s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.17s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.4.4s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.2.6sg	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.2.11sg	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.3.0s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.8.1e	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.14.3s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.15.1cs	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.3.0se	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.10s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.6.1e	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.7.5s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.10.3s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.4.2s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.15.3s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.10.1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.4.1sq	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.14.2s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.5.5sq	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.5.2s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.1.4s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.7.3s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.7.6s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.17.0s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.4sq	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.4.0as	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.7s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.6e	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.6.2s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.12.3s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.1 to 3.17	Trust: 0.8
vendor:	cisco	model:	ios xe software	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios xe software	scope:	eq	version:	0	Trust: 0.3

sources: CNVD: CNVD-2017-04987 // BID: 97007 // JVNDB: JVNDB-2017-002700 // CNNVD: CNNVD-201703-991 // NVD: CVE-2017-3856

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-3856
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-3856
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2017-04987
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201703-991
value:	HIGH
Trust: 0.6
VULHUB:	VHN-112059
value:	HIGH
Trust: 0.1
VULMON:	CVE-2017-3856
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2017-3856
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2017-04987
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-112059
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-3856
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2017-04987 // VULHUB: VHN-112059 // VULMON: CVE-2017-3856 // JVNDB: JVNDB-2017-002700 // CNNVD: CNNVD-201703-991 // NVD: CVE-2017-3856

PROBLEMTYPE DATA

problemtype:	CWE-399	Trust: 1.9
problemtype:	CWE-400	Trust: 1.1

sources: VULHUB: VHN-112059 // JVNDB: JVNDB-2017-002700 // NVD: CVE-2017-3856

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201703-991

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201703-991

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-002700

PATCH

title:	cisco-sa-20170322-webui	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170322-webui	Trust: 0.8
title:	Cisco IOSXESoftwareWEB Interface Denial of Service Vulnerability Patch	url:	https://www.cnvd.org.cn/patchInfo/show/92306	Trust: 0.6
title:	Cisco IOS XE Software Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=68702	Trust: 0.6
title:	Threatpost	url:	https://threatpost.com/cisco-patches-critical-iox-vulnerability/124533/	Trust: 0.1

sources: CNVD: CNVD-2017-04987 // VULMON: CVE-2017-3856 // JVNDB: JVNDB-2017-002700 // CNNVD: CNNVD-201703-991

EXTERNAL IDS

db:	NVD	id:	CVE-2017-3856	Trust: 3.5
db:	BID	id:	97007	Trust: 2.7
db:	SECTRACK	id:	1038101	Trust: 1.8
db:	JVNDB	id:	JVNDB-2017-002700	Trust: 0.8
db:	CNNVD	id:	CNNVD-201703-991	Trust: 0.7
db:	CNVD	id:	CNVD-2017-04987	Trust: 0.6
db:	VULHUB	id:	VHN-112059	Trust: 0.1
db:	VULMON	id:	CVE-2017-3856	Trust: 0.1

sources: CNVD: CNVD-2017-04987 // VULHUB: VHN-112059 // VULMON: CVE-2017-3856 // BID: 97007 // JVNDB: JVNDB-2017-002700 // CNNVD: CNNVD-201703-991 // NVD: CVE-2017-3856

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170322-webui	Trust: 2.7
url:	http://www.securityfocus.com/bid/97007	Trust: 2.5
url:	http://www.securitytracker.com/id/1038101	Trust: 1.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3856	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-3856	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/400.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://threatpost.com/cisco-patches-critical-iox-vulnerability/124533/	Trust: 0.1

sources: CNVD: CNVD-2017-04987 // VULHUB: VHN-112059 // VULMON: CVE-2017-3856 // BID: 97007 // JVNDB: JVNDB-2017-002700 // CNNVD: CNNVD-201703-991 // NVD: CVE-2017-3856

CREDITS

Cisco.

Trust: 0.3

sources: BID: 97007

SOURCES

db:	CNVD	id:	CNVD-2017-04987
db:	VULHUB	id:	VHN-112059
db:	VULMON	id:	CVE-2017-3856
db:	BID	id:	97007
db:	JVNDB	id:	JVNDB-2017-002700
db:	CNNVD	id:	CNNVD-201703-991
db:	NVD	id:	CVE-2017-3856

LAST UPDATE DATE

2024-11-23T22:49:07.924000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-04987	date:	2017-04-21T00:00:00
db:	VULHUB	id:	VHN-112059	date:	2019-10-03T00:00:00
db:	VULMON	id:	CVE-2017-3856	date:	2019-10-03T00:00:00
db:	BID	id:	97007	date:	2017-03-23T00:01:00
db:	JVNDB	id:	JVNDB-2017-002700	date:	2017-04-25T00:00:00
db:	CNNVD	id:	CNNVD-201703-991	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2017-3856	date:	2024-11-21T03:26:15.063

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-04987	date:	2017-04-21T00:00:00
db:	VULHUB	id:	VHN-112059	date:	2017-03-22T00:00:00
db:	VULMON	id:	CVE-2017-3856	date:	2017-03-22T00:00:00
db:	BID	id:	97007	date:	2017-03-22T00:00:00
db:	JVNDB	id:	JVNDB-2017-002700	date:	2017-04-25T00:00:00
db:	CNNVD	id:	CNNVD-201703-991	date:	2017-03-23T00:00:00
db:	NVD	id:	CVE-2017-3856	date:	2017-03-22T19:59:00.277