ID

VAR-201704-1337


CVE

CVE-2017-6599


TITLE

Resource management vulnerability in Google-defined remote procedure call (gRPC) handling in Cisco IOS XR

Trust: 0.8

sources: JVNDB: JVNDB-2017-003064

DESCRIPTION

A vulnerability in Google-defined remote procedure call (gRPC) handling in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the Event Management Service daemon (emsd) to crash due to a system memory leak, resulting in a denial of service (DoS) condition. This vulnerability affects Cisco IOS XR Software with gRPC enabled. More Information: CSCvb14433. Known Affected Releases: 6.1.1.BASE 6.2.1.BASE. Known Fixed Releases: 6.2.1.22i.MGBL 6.1.22.9i.MGBL 6.1.21.12i.MGBL 6.1.2.13i.MGBL. The vendor has confirmed this vulnerability and released it as Bug ID CSCvb14433. A service operation interruption (DoS) attack may be carried out. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. Attackers can exploit this issue to crash the service, resulting in a denial-of-service condition. This issue is being tracked by Cisco Bug ID CSCvb14433.

Trust: 2.52

sources: NVD: CVE-2017-6599 // JVNDB: JVNDB-2017-003064 // CNVD: CNVD-2017-05132 // BID: 97464 // VULHUB: VHN-114802

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-05132

AFFECTED PRODUCTS

vendor: cisco, model: ios xr, scope: eq, version: 6.1.1

Trust: 1.6

vendor: cisco, model: ios xr, scope: eq, version: 6.2.1

Trust: 1.6

vendor: cisco, model: ios xr, scope: eq, version: 6.1.1.base

Trust: 0.8

vendor: cisco, model: ios xr, scope: eq, version: 6.2.1.base

Trust: 0.8

vendor: cisco, model: ios xr software, scope: -, version: -

Trust: 0.6

vendor: cisco, model: ios xr software, scope: eq, version: 0

Trust: 0.3

sources: CNVD: CNVD-2017-05132 // BID: 97464 // JVNDB: JVNDB-2017-003064 // CNNVD: CNNVD-201704-431 // NVD: CVE-2017-6599

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-6599
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-6599
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-05132
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201704-431
value: MEDIUM

Trust: 0.6

VULHUB: VHN-114802
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-6599
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-05132
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-114802
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-6599
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-05132 // VULHUB: VHN-114802 // JVNDB: JVNDB-2017-003064 // CNNVD: CNNVD-201704-431 // NVD: CVE-2017-6599

PROBLEMTYPE DATA

problemtype:CWE-772

Trust: 1.1

problemtype:CWE-399

Trust: 0.9

sources: VULHUB: VHN-114802 // JVNDB: JVNDB-2017-003064 // NVD: CVE-2017-6599

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201704-431

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201704-431

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-003064

PATCH

title: cisco-sa-20170405-ios, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ios

Trust: 0.8

title: Patch for Cisco IOSXR Denial of Service Vulnerability (CNVD-2017-05132), url: https://www.cnvd.org.cn/patchInfo/show/92453

Trust: 0.6

title: Cisco IOS XR Software Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=69159

Trust: 0.6

sources: CNVD: CNVD-2017-05132 // JVNDB: JVNDB-2017-003064 // CNNVD: CNNVD-201704-431

EXTERNAL IDS

db: NVD, id: CVE-2017-6599

Trust: 3.4

db: BID, id: 97464

Trust: 2.6

db: SECTRACK, id: 1038191

Trust: 1.7

db: JVNDB, id: JVNDB-2017-003064

Trust: 0.8

db: CNNVD, id: CNNVD-201704-431

Trust: 0.7

db: CNVD, id: CNVD-2017-05132

Trust: 0.6

db: VULHUB, id: VHN-114802

Trust: 0.1

sources: CNVD: CNVD-2017-05132 // VULHUB: VHN-114802 // BID: 97464 // JVNDB: JVNDB-2017-003064 // CNNVD: CNNVD-201704-431 // NVD: CVE-2017-6599

REFERENCES

url:http://www.securityfocus.com/bid/97464

Trust: 2.3

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170405-ios

Trust: 2.0

url:http://www.securitytracker.com/id/1038191

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6599

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-6599

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: CNVD: CNVD-2017-05132 // VULHUB: VHN-114802 // BID: 97464 // JVNDB: JVNDB-2017-003064 // CNNVD: CNNVD-201704-431 // NVD: CVE-2017-6599

CREDITS

Cisco

Trust: 0.3

sources: BID: 97464

SOURCES

db: CNVD, id: CNVD-2017-05132
db: VULHUB, id: VHN-114802
db: BID, id: 97464
db: JVNDB, id: JVNDB-2017-003064
db: CNNVD, id: CNNVD-201704-431
db: NVD, id: CVE-2017-6599

LAST UPDATE DATE

2024-11-23T22:01:10.666000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2017-05132, date: 2017-04-24T00:00:00
db: VULHUB, id: VHN-114802, date: 2019-10-03T00:00:00
db: BID, id: 97464, date: 2017-04-11T00:03:00
db: JVNDB, id: JVNDB-2017-003064, date: 2017-05-12T00:00:00
db: CNNVD, id: CNNVD-201704-431, date: 2019-10-23T00:00:00
db: NVD, id: CVE-2017-6599, date: 2024-11-21T03:30:05.440

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2017-05132, date: 2017-04-24T00:00:00
db: VULHUB, id: VHN-114802, date: 2017-04-07T00:00:00
db: BID, id: 97464, date: 2017-04-05T00:00:00
db: JVNDB, id: JVNDB-2017-003064, date: 2017-05-12T00:00:00
db: CNNVD, id: CNNVD-201704-431, date: 2017-04-11T00:00:00
db: NVD, id: CVE-2017-6599, date: 2017-04-07T17:59:00.607