Details of VAR-201703-0901

ID

VAR-201703-0901

CVE

CVE-2017-3859

TITLE

Cisco ASR 920 Operates on a series aggregation service router Cisco IOS XE Vulnerable to format strings

Trust: 0.8

sources: JVNDB: JVNDB-2017-002644

DESCRIPTION

A vulnerability in the DHCP code for the Zero Touch Provisioning feature of Cisco ASR 920 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a format string vulnerability when processing a crafted DHCP packet for Zero Touch Provisioning. An attacker could exploit this vulnerability by sending a specially crafted DHCP packet to an affected device. An exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition. This vulnerability affects Cisco ASR 920 Series Aggregation Services Routers that are running an affected release of Cisco IOS XE Software (3.13 through 3.18) and are listening on the DHCP server port. By default, the devices do not listen on the DHCP server port. Cisco Bug IDs: CSCuy56385. Vendors report this vulnerability Bug ID CSCuy56385 Published as.Denial of service (DoS) An attack could be made. Both Cisco IOS and IOSXESoftware are operating systems developed by Cisco for its network devices. A denial of service vulnerability exists in Cisco IOSXESoftware. Zero Touch Provisioning is one of the automatic configuration functions. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170322-ztp ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170322-ztp"] This advisory is part of the March 22, 2017, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes five Cisco Security Advisories that describe five vulnerabilities. All the vulnerabilities have a Security Impact Rating of High. For a complete list of the advisories and links to them, see Cisco Event Response: March 2017 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication ["http://tools.cisco.com/security/center/viewErp.x?alertId=ERP-60851"]. -----BEGIN PGP SIGNATURE----- iQKBBAEBAgBrBQJY0qLqZBxDaXNjbyBTeXN0ZW1zIFByb2R1Y3QgU2VjdXJpdHkg SW5jaWRlbnQgUmVzcG9uc2UgVGVhbSAoQ2lzY28gUFNJUlQga2V5IDIwMTYtMjAx NykgPHBzaXJ0QGNpc2NvLmNvbT4ACgkQrz2APcQAkHldyhAA4AUlw+TdlwzGjw66 a9A1qiAyLXXUNOACKIzHcNZ9vM0nEnYdi9MrS36J/W3bU4etGzgOkJ6oMt2AOU8V fgykNstP2rcUwn2qiAhL9edrG2iBTG3FVgKaeud/pYobXqHX7U9EgPwxANZkdNez Xt0cCQCa6ENn8MgVbboCZl2AMXhV7rkI45J1a3ecoN/ooZN71TTo/vtYv8nl4khE VxRBLNE3sSSNgE0tcnseoH01kjTzGn2lh5e/RJL/F8OMMTg+sg399HGkxlVF/r0Y 4c5dIad5eg3Ra3X1El8s8r0p8YBmFhvBuO64MYzysT4OYNPOw2dMbtAso/b3vpJf uRkHpOMEPM0Jg+hZBNGyCyUMyipfPmlaUvEIb6o4+vM/uNVwH5qpsgkVXWuCwR64 CR9axg7CJ/LSDoDjWhZIpSUtYNWZxhSFMdOlTZVU9m7idTsQjH1KfQtmqH06uEMc sZIal21mxlv3QiVD606fT/v4NDiZCVllNeSX8zBBMV95zPS7UJ1DO9qOBuF5bGsX 9jyLJr0RMxdCt5LJlsA8vjm6VbgwDxGR3SttZRQO5QESg3bJ3JxJ+fEujcDZFol6 u89nQqUY3b+tBQOj3hOUYz6ztsA2YDoYae0lD/PQ0KxRbcbweADSKlcPy2JBCQi+ mduV2xoL7F5JFPL/AMjuurgMZy0= =waSy -----END PGP SIGNATURE-----

Trust: 2.7

sources: NVD: CVE-2017-3859 // JVNDB: JVNDB-2017-002644 // CNVD: CNVD-2017-04003 // BID: 97008 // VULHUB: VHN-112062 // VULMON: CVE-2017-3859 // PACKETSTORM: 141770

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-04003

AFFECTED PRODUCTS

vendor:	cisco	model:	ios xe	scope:	eq	version:	3.15.4s	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.13.6as	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.18.1csp	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.13.5as	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.18.2s	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.18.1s	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.17.2s	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.16.0s	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.18.1bsp	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.16.3as	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.14.4s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.16.1as	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.16.1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.18.1sp	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.15.3s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.17.1as	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.16.2as	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.13.4s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.18.0as	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.16.0cs	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.13.6s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.18.0s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.18.1asp	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.13.5s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.16.3s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.16.2bs	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.18.3vs	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.15.2s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.17.0s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.18.0sp	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.16.2s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.14.3s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.17.1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	ios xe >=3.13.4s <=3.18.3vs	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios xe software	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	asr series aggregation services router	scope:	eq	version:	9200	Trust: 0.3

sources: CNVD: CNVD-2017-04003 // BID: 97008 // JVNDB: JVNDB-2017-002644 // CNNVD: CNNVD-201703-988 // NVD: CVE-2017-3859

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-3859
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-3859
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2017-04003
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201703-988
value:	HIGH
Trust: 0.6
VULHUB:	VHN-112062
value:	HIGH
Trust: 0.1
VULMON:	CVE-2017-3859
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2017-3859
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2017-04003
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-112062
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-3859
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2017-04003 // VULHUB: VHN-112062 // VULMON: CVE-2017-3859 // JVNDB: JVNDB-2017-002644 // CNNVD: CNNVD-201703-988 // NVD: CVE-2017-3859

PROBLEMTYPE DATA

problemtype:

CWE-134

Trust: 1.8

sources: JVNDB: JVNDB-2017-002644 // NVD: CVE-2017-3859

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 141770 // CNNVD: CNNVD-201703-988

TYPE

format string

Trust: 0.6

sources: CNNVD: CNNVD-201703-988

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-002644

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-112062

PATCH

title:	cisco-sa-20170322-ztp	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170322-ztp	Trust: 0.8
title:	CiscoIOSXESoftwareforCiscoASR920SeriesRouters Denial of Service Vulnerability Patch	url:	https://www.cnvd.org.cn/patchInfo/show/91530	Trust: 0.6
title:	Cisco ASR 920 Series Aggregation Services Routers Zero Touch Provisioning Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=68699	Trust: 0.6
title:	Threatpost	url:	https://threatpost.com/cisco-patches-critical-iox-vulnerability/124533/	Trust: 0.1

sources: CNVD: CNVD-2017-04003 // VULMON: CVE-2017-3859 // JVNDB: JVNDB-2017-002644 // CNNVD: CNNVD-201703-988

EXTERNAL IDS

db:	NVD	id:	CVE-2017-3859	Trust: 3.6
db:	BID	id:	97008	Trust: 2.1
db:	SECTRACK	id:	1038104	Trust: 1.2
db:	JVNDB	id:	JVNDB-2017-002644	Trust: 0.8
db:	CNNVD	id:	CNNVD-201703-988	Trust: 0.7
db:	CNVD	id:	CNVD-2017-04003	Trust: 0.6
db:	PACKETSTORM	id:	141770	Trust: 0.2
db:	VULHUB	id:	VHN-112062	Trust: 0.1
db:	VULMON	id:	CVE-2017-3859	Trust: 0.1

sources: CNVD: CNVD-2017-04003 // VULHUB: VHN-112062 // VULMON: CVE-2017-3859 // BID: 97008 // JVNDB: JVNDB-2017-002644 // PACKETSTORM: 141770 // CNNVD: CNNVD-201703-988 // NVD: CVE-2017-3859

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170322-ztp	Trust: 2.2
url:	http://www.securityfocus.com/bid/97008	Trust: 1.9
url:	https://nvd.nist.gov/vuln/detail/cve-2017-3859	Trust: 1.5
url:	http://www.securitytracker.com/id/1038104	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3859	Trust: 0.8
url:	http://seclists.org/bugtraq/2017/mar/81	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/134.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://threatpost.com/cisco-patches-critical-iox-vulnerability/124533/	Trust: 0.1
url:	http://tools.cisco.com/security/center/viewerp.x?alertid=erp-60851"].	Trust: 0.1
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170322-ztp"]	Trust: 0.1

CREDITS

Cisco.

Trust: 0.3

sources: BID: 97008

SOURCES

db:	CNVD	id:	CNVD-2017-04003
db:	VULHUB	id:	VHN-112062
db:	VULMON	id:	CVE-2017-3859
db:	BID	id:	97008
db:	JVNDB	id:	JVNDB-2017-002644
db:	PACKETSTORM	id:	141770
db:	CNNVD	id:	CNNVD-201703-988
db:	NVD	id:	CVE-2017-3859

LAST UPDATE DATE

2024-11-23T22:22:35.911000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-04003	date:	2017-05-03T00:00:00
db:	VULHUB	id:	VHN-112062	date:	2017-07-12T00:00:00
db:	VULMON	id:	CVE-2017-3859	date:	2017-07-12T00:00:00
db:	BID	id:	97008	date:	2017-03-23T00:01:00
db:	JVNDB	id:	JVNDB-2017-002644	date:	2017-04-24T00:00:00
db:	CNNVD	id:	CNNVD-201703-988	date:	2017-03-23T00:00:00
db:	NVD	id:	CVE-2017-3859	date:	2024-11-21T03:26:15.523

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-04003	date:	2017-04-06T00:00:00
db:	VULHUB	id:	VHN-112062	date:	2017-03-22T00:00:00
db:	VULMON	id:	CVE-2017-3859	date:	2017-03-22T00:00:00
db:	BID	id:	97008	date:	2017-03-22T00:00:00
db:	JVNDB	id:	JVNDB-2017-002644	date:	2017-04-24T00:00:00
db:	PACKETSTORM	id:	141770	date:	2017-03-22T17:25:00
db:	CNNVD	id:	CNNVD-201703-988	date:	2017-03-23T00:00:00
db:	NVD	id:	CVE-2017-3859	date:	2017-03-22T19:59:00.370