Details of VAR-201706-1042

ID

VAR-201706-1042

CVE

CVE-2017-6655

TITLE

Cisco NX-OS Software FCoE Buffer error vulnerability in protocol implementation

Trust: 0.8

sources: JVNDB: JVNDB-2017-005140

DESCRIPTION

A vulnerability in the Fibre Channel over Ethernet (FCoE) protocol implementation in Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition when an FCoE-related process unexpectedly reloads. This vulnerability affects Cisco NX-OS Software on the following Cisco devices when they are configured for FCoE: Multilayer Director Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches. More Information: CSCvc91729. Known Affected Releases: 8.3(0)CV(0.833). Known Fixed Releases: 8.3(0)ISH(0.62) 8.3(0)CV(0.944) 8.1(1) 8.1(0.8)S0 7.3(2)D1(0.47). Vendors have confirmed this vulnerability CSCvc91729 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. Cisco NX-OS Software is a data center-oriented operating system from Cisco. An attacker could exploit the vulnerability by sending a specially crafted FCoE frame to the target device. This issue is being tracked by Cisco bug ID CSCvc91729. The vulnerability stems from the fact that the program does not perform sufficient inspection on FCoE frames

Trust: 2.52

sources: NVD: CVE-2017-6655 // JVNDB: JVNDB-2017-005140 // CNVD: CNVD-2017-13747 // BID: 98991 // VULHUB: VHN-114858

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-13747

AFFECTED PRODUCTS

vendor:	cisco	model:	nx-os	scope:	eq	version:	8.0\(1\)s2	Trust: 1.6
vendor:	cisco	model:	mds 9000 nx-os	scope:	eq	version:	7.3\(1\)d1\(1\)	Trust: 1.6
vendor:	cisco	model:	nx-os for nexus 5500 platform switches	scope:	eq	version:	7.3\(1\)n1\(1\)	Trust: 1.6
vendor:	cisco	model:	nx-os	scope:	eq	version:	8.3\(0\)cv\(0.833\)	Trust: 1.6
vendor:	cisco	model:	nx-os for nexus 7700 series switches	scope:	eq	version:	8.0\(1\)\(ed\)	Trust: 1.6
vendor:	cisco	model:	nx-os for nexus 5600 platform switches	scope:	eq	version:	7.3\(1\)n1\(1\)	Trust: 1.6
vendor:	cisco	model:	nexus series switches 8.3 cv	scope:	eq	version:	7000	Trust: 0.9
vendor:	cisco	model:	nx-os	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	nx-os software	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	nexus series switches	scope:	eq	version:	7700	Trust: 0.6
vendor:	cisco	model:	multilayer director switches	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	nx-os software	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	nexus series switches	scope:	eq	version:	77000	Trust: 0.3
vendor:	cisco	model:	multilayer director switches	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	nexus series switches 8.3 ish	scope:	ne	version:	7000	Trust: 0.3
vendor:	cisco	model:	nexus series switches 8.3 cv	scope:	ne	version:	7000	Trust: 0.3

sources: CNVD: CNVD-2017-13747 // BID: 98991 // JVNDB: JVNDB-2017-005140 // CNNVD: CNNVD-201706-435 // NVD: CVE-2017-6655

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-6655
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-6655
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2017-13747
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-201706-435
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-114858
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2017-6655
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-13747
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-114858
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-6655
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2017-6655
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2017-13747 // VULHUB: VHN-114858 // JVNDB: JVNDB-2017-005140 // CNNVD: CNNVD-201706-435 // NVD: CVE-2017-6655

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-114858 // JVNDB: JVNDB-2017-005140 // NVD: CVE-2017-6655

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201706-435

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201706-435

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-005140

PATCH

title:	cisco-sa-20170607-nxos	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-nxos	Trust: 0.8
title:	Patch for Cisco NX-OSSoftware Denial of Service Vulnerability (CNVD-2017-13747)	url:	https://www.cnvd.org.cn/patchInfo/show/97782	Trust: 0.6
title:	Cisco NX-OS Software Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70881	Trust: 0.6

sources: CNVD: CNVD-2017-13747 // JVNDB: JVNDB-2017-005140 // CNNVD: CNNVD-201706-435

EXTERNAL IDS

db:	NVD	id:	CVE-2017-6655	Trust: 3.4
db:	BID	id:	98991	Trust: 2.6
db:	SECTRACK	id:	1038628	Trust: 1.7
db:	JVNDB	id:	JVNDB-2017-005140	Trust: 0.8
db:	CNNVD	id:	CNNVD-201706-435	Trust: 0.7
db:	CNVD	id:	CNVD-2017-13747	Trust: 0.6
db:	VULHUB	id:	VHN-114858	Trust: 0.1

sources: CNVD: CNVD-2017-13747 // VULHUB: VHN-114858 // BID: 98991 // JVNDB: JVNDB-2017-005140 // CNNVD: CNNVD-201706-435 // NVD: CVE-2017-6655

REFERENCES

url:	http://www.securityfocus.com/bid/98991	Trust: 2.3
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170607-nxos	Trust: 2.0
url:	http://www.securitytracker.com/id/1038628	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6655	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-6655	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: CNVD: CNVD-2017-13747 // VULHUB: VHN-114858 // BID: 98991 // JVNDB: JVNDB-2017-005140 // CNNVD: CNNVD-201706-435 // NVD: CVE-2017-6655

CREDITS

Cisco

Trust: 0.9

sources: BID: 98991 // CNNVD: CNNVD-201706-435

SOURCES

db:	CNVD	id:	CNVD-2017-13747
db:	VULHUB	id:	VHN-114858
db:	BID	id:	98991
db:	JVNDB	id:	JVNDB-2017-005140
db:	CNNVD	id:	CNNVD-201706-435
db:	NVD	id:	CVE-2017-6655

LAST UPDATE DATE

2024-11-23T23:02:24.014000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-13747	date:	2017-07-11T00:00:00
db:	VULHUB	id:	VHN-114858	date:	2017-07-08T00:00:00
db:	BID	id:	98991	date:	2017-06-07T00:00:00
db:	JVNDB	id:	JVNDB-2017-005140	date:	2017-07-19T00:00:00
db:	CNNVD	id:	CNNVD-201706-435	date:	2021-12-06T00:00:00
db:	NVD	id:	CVE-2017-6655	date:	2024-11-21T03:30:14.127

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-13747	date:	2017-07-11T00:00:00
db:	VULHUB	id:	VHN-114858	date:	2017-06-13T00:00:00
db:	BID	id:	98991	date:	2017-06-07T00:00:00
db:	JVNDB	id:	JVNDB-2017-005140	date:	2017-07-19T00:00:00
db:	CNNVD	id:	CNNVD-201706-435	date:	2017-06-14T00:00:00
db:	NVD	id:	CVE-2017-6655	date:	2017-06-13T06:29:00.830