Details of VAR-201704-1326

ID

VAR-201704-1326

CVE

CVE-2017-6610

TITLE

Cisco ASA Software Internet Key Exchange Version 1 XAUTH Resource management vulnerability in code

Trust: 0.8

sources: JVNDB: JVNDB-2017-003372

DESCRIPTION

A vulnerability in the Internet Key Exchange Version 1 (IKEv1) XAUTH code of Cisco ASA Software could allow an authenticated, remote attacker to cause a reload of an affected system. The vulnerability is due to insufficient validation of the IKEv1 XAUTH parameters passed during an IKEv1 negotiation. An attacker could exploit this vulnerability by sending crafted parameters. Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability only affects systems configured in routed firewall mode and in single or multiple context mode. This vulnerability can be triggered by IPv4 or IPv6 traffic. A valid IKEv1 Phase 1 needs to be established to exploit this vulnerability, which means that an attacker would need to have knowledge of a pre-shared key or have a valid certificate for phase 1 authentication. This vulnerability affects Cisco ASA Software running on the following products: Cisco ASA 1000V Cloud Firewall, Cisco ASA 5500 Series Adaptive Security Appliances, Cisco ASA 5500-X Series Next-Generation Firewalls, Cisco ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, Cisco Adaptive Security Virtual Appliance (ASAv), Cisco ASA for Firepower 9300 Series, Cisco ISA 3000 Industrial Security Appliance. Fixed versions: 9.1(7.7) 9.2(4.11) 9.4(4) 9.5(3) 9.6(1.5). Cisco Bug IDs: CSCuz11685. Vendors have confirmed this vulnerability Bug ID CSCuz11685 It is released as.Service operation interruption (DoS) An attack may be carried out. are all products of Cisco (Cisco)

Trust: 2.52

sources: NVD: CVE-2017-6610 // JVNDB: JVNDB-2017-003372 // CNVD: CNVD-2017-05780 // BID: 97934 // VULHUB: VHN-114813

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-05780

AFFECTED PRODUCTS

vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.3.3.1	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.2.3.4	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.6.0	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.4.3.4	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.4.3	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.4.26	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.3	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.6.8	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.2\(0.104\)	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.2	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.6	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.3\(1.50\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.2.3	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.3\(2.243\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.4.3.8	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.4.5	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.3.3.6	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.4.42	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.2\(0.0\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.5.15	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.3.3	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.4.1.5	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.2.3.3	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1\(7\)7	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.4.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.4.5	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.6.4	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.3.3.2	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.3.3.9	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.3.3.5	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.4.1.2	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.4.37	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.4.2	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.2.2	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.4	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.2.4.2	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.5.2.6	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.2\(3.1\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.6.10	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.5.2.14	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.5.10	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.4.2.3	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.4.1.3	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.3.2.2	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.2.2.7	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.4.40	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.2.2.8	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.5.2.10	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.2.10	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.4.7	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.5.12	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.3.2	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.4.33	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.2.4	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.2	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.4.3.6	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.2.4.4	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.4.24	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.3\(2.100\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.4.3.3	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.6.1.3	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.4.20	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.4.17	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.4.0.115	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.3.6	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.5.21	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.5	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.2.8	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.2.4.10	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1\(7\)6	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.6.6	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.4.3.12	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.3.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.4.1.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.3.3.10	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.5.2	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.3.2	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.2.2.4	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.3\(1.105\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.4.3.11	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.1.4	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.6.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.6.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.4.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.5.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.4.29	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.4.35	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.2.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.3.1.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.3.3.11	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.4	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.3.8	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.2.4.8	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1\(7\)4	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.3	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0	Trust: 0.9
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1	Trust: 0.9
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.2	Trust: 0.9
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.3	Trust: 0.9
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.4	Trust: 0.9
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.5	Trust: 0.9
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.6	Trust: 0.9
vendor:	cisco	model:	adaptive security appliance software	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	adaptive security appliance software	scope:	ne	version:	9.6(1.5)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	ne	version:	9.5(3)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	ne	version:	9.4(4)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	ne	version:	9.2(4.11)	Trust: 0.3
vendor:	cisco	model:	adaptive security appliance software	scope:	ne	version:	9.1(7.7)	Trust: 0.3

sources: CNVD: CNVD-2017-05780 // BID: 97934 // JVNDB: JVNDB-2017-003372 // CNNVD: CNNVD-201704-1061 // NVD: CVE-2017-6610

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-6610
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-6610
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2017-05780
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201704-1061
value:	HIGH
Trust: 0.6
VULHUB:	VHN-114813
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-6610
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-05780
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-114813
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-6610
baseSeverity:	HIGH
baseScore:	7.7
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.1
impactScore:	4.0
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2017-05780 // VULHUB: VHN-114813 // JVNDB: JVNDB-2017-003372 // CNNVD: CNNVD-201704-1061 // NVD: CVE-2017-6610

PROBLEMTYPE DATA

problemtype:	CWE-399	Trust: 1.9
problemtype:	CWE-20	Trust: 1.1

sources: VULHUB: VHN-114813 // JVNDB: JVNDB-2017-003372 // NVD: CVE-2017-6610

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201704-1061

TYPE

Input Validation Error

Trust: 0.9

sources: BID: 97934 // CNNVD: CNNVD-201704-1061

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-003372

PATCH

title:	cisco-sa-20170419-asa-xauth	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-asa-xauth	Trust: 0.8
title:	Cisco ASASoftware Denial of Service Vulnerability Patch	url:	https://www.cnvd.org.cn/patchInfo/show/93042	Trust: 0.6
title:	Multiple Cisco product Cisco ASA Software Remediation of resource management error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70699	Trust: 0.6

sources: CNVD: CNVD-2017-05780 // JVNDB: JVNDB-2017-003372 // CNNVD: CNNVD-201704-1061

EXTERNAL IDS

db:	NVD	id:	CVE-2017-6610	Trust: 3.4
db:	BID	id:	97934	Trust: 2.6
db:	SECTRACK	id:	1038314	Trust: 1.7
db:	JVNDB	id:	JVNDB-2017-003372	Trust: 0.8
db:	CNNVD	id:	CNNVD-201704-1061	Trust: 0.7
db:	CNVD	id:	CNVD-2017-05780	Trust: 0.6
db:	VULHUB	id:	VHN-114813	Trust: 0.1

sources: CNVD: CNVD-2017-05780 // VULHUB: VHN-114813 // BID: 97934 // JVNDB: JVNDB-2017-003372 // CNNVD: CNNVD-201704-1061 // NVD: CVE-2017-6610

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170419-asa-xauth	Trust: 2.6
url:	http://www.securityfocus.com/bid/97934	Trust: 2.3
url:	http://www.securitytracker.com/id/1038314	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2017-6610	Trust: 1.4
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6610	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: CNVD: CNVD-2017-05780 // VULHUB: VHN-114813 // BID: 97934 // JVNDB: JVNDB-2017-003372 // CNNVD: CNNVD-201704-1061 // NVD: CVE-2017-6610

CREDITS

Cisco.

Trust: 0.3

sources: BID: 97934

SOURCES

db:	CNVD	id:	CNVD-2017-05780
db:	VULHUB	id:	VHN-114813
db:	BID	id:	97934
db:	JVNDB	id:	JVNDB-2017-003372
db:	CNNVD	id:	CNNVD-201704-1061
db:	NVD	id:	CVE-2017-6610

LAST UPDATE DATE

2024-11-23T23:05:27.482000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-05780	date:	2017-05-02T00:00:00
db:	VULHUB	id:	VHN-114813	date:	2019-10-03T00:00:00
db:	BID	id:	97934	date:	2017-05-02T02:07:00
db:	JVNDB	id:	JVNDB-2017-003372	date:	2017-05-25T00:00:00
db:	CNNVD	id:	CNNVD-201704-1061	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2017-6610	date:	2024-11-21T03:30:07.023

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-05780	date:	2017-05-02T00:00:00
db:	VULHUB	id:	VHN-114813	date:	2017-04-20T00:00:00
db:	BID	id:	97934	date:	2017-04-19T00:00:00
db:	JVNDB	id:	JVNDB-2017-003372	date:	2017-05-25T00:00:00
db:	CNNVD	id:	CNNVD-201704-1061	date:	2017-04-20T00:00:00
db:	NVD	id:	CVE-2017-6610	date:	2017-04-20T22:59:00.603