ID

VAR-201704-1330


CVE

CVE-2017-6615


TITLE

Resource management vulnerability in the Simple Network Management Protocol subsystem of Cisco IOS XE

Trust: 0.8

sources: JVNDB: JVNDB-2017-003374

DESCRIPTION

A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS XE 3.16 could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a race condition that could occur when the affected software processes an SNMP read request that contains certain criteria for a specific object ID (OID) and an active crypto session is disconnected on an affected device. An attacker who can authenticate to an affected device could trigger this vulnerability by issuing an SNMP request for a specific OID on the device. A successful exploit will cause the device to restart due to an attempt to access an invalid memory region. The attacker does not control how or when crypto sessions are disconnected on the device. Cisco Bug IDs: CSCvb94392. The vendor has confirmed this vulnerability and released it as Bug ID CSCvb94392. A service operation interruption (DoS) attack may be carried out.

Trust: 1.98

sources: NVD: CVE-2017-6615 // JVNDB: JVNDB-2017-003374 // BID: 97930 // VULHUB: VHN-114818

AFFECTED PRODUCTS

vendor: cisco, model: ios xe, scope: eq, version: 3.16.2s

Trust: 1.6

vendor: cisco, model: ios xe, scope: eq, version: 3.16.1as

Trust: 1.6

vendor: cisco, model: ios xe, scope: eq, version: 3.16.0s

Trust: 1.6

vendor: cisco, model: ios xe, scope: eq, version: 3.16.1s

Trust: 1.6

vendor: cisco, model: ios xe, scope: eq, version: 3.16.0cs

Trust: 1.6

vendor: cisco, model: ios, scope: -, version: -

Trust: 0.8

vendor: cisco, model: ios xe, scope: -, version: -

Trust: 0.8

vendor: cisco, model: ios xe software 15.5 s2.1, scope: -, version: -

Trust: 0.3

vendor: cisco, model: ios xe software, scope: ne, version: 16.6(0.44)

Trust: 0.3

vendor: cisco, model: ios xe software, scope: ne, version: 16.3(3.3)

Trust: 0.3

vendor: cisco, model: ios xe software, scope: ne, version: 16.3(3.1)

Trust: 0.3

vendor: cisco, model: ios xe software 15.5 s5.3, scope: ne, version: -

Trust: 0.3

sources: BID: 97930 // JVNDB: JVNDB-2017-003374 // CNNVD: CNNVD-201704-1057 // NVD: CVE-2017-6615

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-6615
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-6615
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201704-1057
value: MEDIUM

Trust: 0.6

VULHUB: VHN-114818
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-6615
severity: MEDIUM
baseScore: 6.3
vectorString: AV:N/AC:M/AU:S/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.8
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-114818
severity: MEDIUM
baseScore: 6.3
vectorString: AV:N/AC:M/AU:S/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.8
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-6615
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 4.0
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-114818 // JVNDB: JVNDB-2017-003374 // CNNVD: CNNVD-201704-1057 // NVD: CVE-2017-6615

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.9

problemtype:CWE-125

Trust: 1.1

problemtype:CWE-362

Trust: 1.1

sources: VULHUB: VHN-114818 // JVNDB: JVNDB-2017-003374 // NVD: CVE-2017-6615

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201704-1057

TYPE

race condition problem

Trust: 0.6

sources: CNNVD: CNNVD-201704-1057

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-003374

PATCH

title: cisco-sa-20170419-ios-xe-snmp, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-ios-xe-snmp

Trust: 0.8

title: Cisco IOS XE Software Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=69455

Trust: 0.6

sources: JVNDB: JVNDB-2017-003374 // CNNVD: CNNVD-201704-1057

EXTERNAL IDS

db: NVD, id: CVE-2017-6615

Trust: 2.8

db: BID, id: 97930

Trust: 2.0

db: SECTRACK, id: 1038328

Trust: 1.7

db: JVNDB, id: JVNDB-2017-003374

Trust: 0.8

db: CNNVD, id: CNNVD-201704-1057

Trust: 0.7

db: VULHUB, id: VHN-114818

Trust: 0.1

sources: VULHUB: VHN-114818 // BID: 97930 // JVNDB: JVNDB-2017-003374 // CNNVD: CNNVD-201704-1057 // NVD: CVE-2017-6615

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170419-ios-xe-snmp

Trust: 2.0

url:http://www.securityfocus.com/bid/97930

Trust: 1.7

url:http://www.securitytracker.com/id/1038328

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6615

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-6615

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-114818 // BID: 97930 // JVNDB: JVNDB-2017-003374 // CNNVD: CNNVD-201704-1057 // NVD: CVE-2017-6615

CREDITS

Cisco.

Trust: 0.3

sources: BID: 97930

SOURCES

db: VULHUB, id: VHN-114818
db: BID, id: 97930
db: JVNDB, id: JVNDB-2017-003374
db: CNNVD, id: CNNVD-201704-1057
db: NVD, id: CVE-2017-6615

LAST UPDATE DATE

2024-11-23T22:59:19.659000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-114818, date: 2019-10-03T00:00:00
db: BID, id: 97930, date: 2017-05-02T01:06:00
db: JVNDB, id: JVNDB-2017-003374, date: 2017-05-25T00:00:00
db: CNNVD, id: CNNVD-201704-1057, date: 2019-10-23T00:00:00
db: NVD, id: CVE-2017-6615, date: 2024-11-21T03:30:07.900

SOURCES RELEASE DATE

db: VULHUB, id: VHN-114818, date: 2017-04-20T00:00:00
db: BID, id: 97930, date: 2017-04-19T00:00:00
db: JVNDB, id: JVNDB-2017-003374, date: 2017-05-25T00:00:00
db: CNNVD, id: CNNVD-201704-1057, date: 2017-04-21T00:00:00
db: NVD, id: CVE-2017-6615, date: 2017-04-20T22:59:00.760