ID

VAR-201706-0582


CVE

CVE-2017-6666


TITLE

Denial of service (DoS) vulnerability in Cisco IOS XR Software for Cisco Network Convergence System 5500 Series Routers

Trust: 0.8

sources: JVNDB: JVNDB-2017-004943

DESCRIPTION

A vulnerability in the forwarding component of Cisco IOS XR Software for Cisco Network Convergence System (NCS) 5500 Series Routers could allow an authenticated, local attacker to cause the router to stop forwarding data traffic across Traffic Engineering (TE) tunnels, resulting in a denial of service (DoS) condition. More Information: CSCvd16665. Known Affected Releases: 6.2.11.BASE. Known Fixed Releases: 6.1.3 6.1.2 6.3.1.8i.BASE 6.2.11.8i.BASE 6.2.2.9i.BASE 6.1.32.11i.BASE 6.1.31.10i.BASE 6.1.4.3i.BASE. The vendor has confirmed this vulnerability and released it as Bug ID CSCvd16665. A local attacker could cause a denial of service (DoS) condition. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. A denial of service vulnerability exists in Cisco IOSXR Software, which can cause a denial of service (process overload) by exploiting a memory leak vulnerability in the gRPC service. A local attacker can exploit this issue to cause a denial-of-service condition, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCvd16665. The forwarding component is one of the information forwarding components

Trust: 2.52

sources: NVD: CVE-2017-6666 // JVNDB: JVNDB-2017-004943 // CNVD: CNVD-2017-13743 // BID: 98987 // VULHUB: VHN-114869

IOT TAXONOMY

category: ['Network device'] | sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-13743

AFFECTED PRODUCTS

vendor: cisco | model: ios xr | scope: eq | version: 6.1.2

Trust: 1.6

vendor: cisco | model: ios xr | scope: eq | version: 6.1.0

Trust: 1.6

vendor: cisco | model: ios xr | scope: eq | version: 6.0_base

Trust: 1.6

vendor: cisco | model: ios xr | scope: eq | version: 6.2.1

Trust: 1.6

vendor: cisco | model: ios xr | scope: eq | version: 6.2.0

Trust: 1.6

vendor: cisco | model: ios xr | scope: eq | version: 6.0.0

Trust: 1.6

vendor: cisco | model: ios xr | scope: eq | version: 6.0.1

Trust: 1.6

vendor: cisco | model: ios xr | scope: eq | version: 6.1.3

Trust: 1.6

vendor: cisco | model: ios xr | scope: eq | version: 6.1.1

Trust: 1.6

vendor: cisco | model: network convergence system | scope: eq | version: 55080

Trust: 0.9

vendor: cisco | model: network convergence system series routers | scope: eq | version: 55000

Trust: 0.9

vendor: cisco | model: ios xr | scope: - | version: -

Trust: 0.8

vendor: cisco | model: ios xr software | scope: - | version: -

Trust: 0.6

vendor: cisco | model: ios xr software | scope: eq | version: 0

Trust: 0.3

sources: CNVD: CNVD-2017-13743 // BID: 98987 // JVNDB: JVNDB-2017-004943 // CNNVD: CNNVD-201706-437 // NVD: CVE-2017-6666

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-6666
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-6666
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-13743
value: LOW

Trust: 0.6

CNNVD: CNNVD-201706-437
value: MEDIUM

Trust: 0.6

VULHUB: VHN-114869
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2017-6666
severity: LOW
baseScore: 1.9
vectorString: AV:L/AC:M/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-13743
severity: LOW
baseScore: 1.9
vectorString: AV:L/AC:M/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-114869
severity: LOW
baseScore: 1.9
vectorString: AV:L/AC:M/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-6666
baseSeverity: MEDIUM
baseScore: 6.0
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.5
impactScore: 4.0
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-13743 // VULHUB: VHN-114869 // JVNDB: JVNDB-2017-004943 // CNNVD: CNNVD-201706-437 // NVD: CVE-2017-6666

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-399

Trust: 0.9

sources: VULHUB: VHN-114869 // JVNDB: JVNDB-2017-004943 // NVD: CVE-2017-6666

THREAT TYPE

local

Trust: 0.9

sources: BID: 98987 // CNNVD: CNNVD-201706-437

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201706-437

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-004943

PATCH

title: cisco-sa-20170607-ncs | url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-ncs

Trust: 0.8

title: Patch for Cisco IOSXR Software Local Denial of Service Vulnerability (CNVD-2017-13743) | url: https://www.cnvd.org.cn/patchInfo/show/97785

Trust: 0.6

title: Fixes for Cisco Network Convergence System 5500 Series IOS XR Software forwarding component resource management error vulnerabilities | url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75153

Trust: 0.6

sources: CNVD: CNVD-2017-13743 // JVNDB: JVNDB-2017-004943 // CNNVD: CNNVD-201706-437

EXTERNAL IDS

db: NVD | id: CVE-2017-6666

Trust: 3.4

db: BID | id: 98987

Trust: 2.6

db: SECTRACK | id: 1038630

Trust: 1.7

db: JVNDB | id: JVNDB-2017-004943

Trust: 0.8

db: CNNVD | id: CNNVD-201706-437

Trust: 0.7

db: CNVD | id: CNVD-2017-13743

Trust: 0.6

db: VULHUB | id: VHN-114869

Trust: 0.1

sources: CNVD: CNVD-2017-13743 // VULHUB: VHN-114869 // BID: 98987 // JVNDB: JVNDB-2017-004943 // CNNVD: CNNVD-201706-437 // NVD: CVE-2017-6666

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170607-ncs

Trust: 2.0

url:http://www.securityfocus.com/bid/98987

Trust: 1.7

url:http://www.securitytracker.com/id/1038630

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2017-6666

Trust: 1.4

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6666

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: CNVD: CNVD-2017-13743 // VULHUB: VHN-114869 // BID: 98987 // JVNDB: JVNDB-2017-004943 // CNNVD: CNNVD-201706-437 // NVD: CVE-2017-6666

CREDITS

Cisco.

Trust: 0.9

sources: BID: 98987 // CNNVD: CNNVD-201706-437

SOURCES

db: CNVD | id: CNVD-2017-13743
db: VULHUB | id: VHN-114869
db: BID | id: 98987
db: JVNDB | id: JVNDB-2017-004943
db: CNNVD | id: CNNVD-201706-437
db: NVD | id: CVE-2017-6666

LAST UPDATE DATE

2024-11-23T22:07:21.478000+00:00


SOURCES UPDATE DATE

db: CNVD | id: CNVD-2017-13743 | date: 2017-07-11T00:00:00
db: VULHUB | id: VHN-114869 | date: 2019-10-03T00:00:00
db: BID | id: 98987 | date: 2017-06-07T00:00:00
db: JVNDB | id: JVNDB-2017-004943 | date: 2017-07-12T00:00:00
db: CNNVD | id: CNNVD-201706-437 | date: 2019-10-23T00:00:00
db: NVD | id: CVE-2017-6666 | date: 2024-11-21T03:30:15.650

SOURCES RELEASE DATE

db: CNVD | id: CNVD-2017-13743 | date: 2017-07-11T00:00:00
db: VULHUB | id: VHN-114869 | date: 2017-06-13T00:00:00
db: BID | id: 98987 | date: 2017-06-07T00:00:00
db: JVNDB | id: JVNDB-2017-004943 | date: 2017-07-12T00:00:00
db: CNNVD | id: CNNVD-201706-437 | date: 2017-06-07T00:00:00
db: NVD | id: CVE-2017-6666 | date: 2017-06-13T06:29:00.973