Sign-up

ID

VAR-201707-1052


CVE

CVE-2017-6736


TITLE

Cisco IOS and IOS XE of SNMP Subsystem vulnerable to remote code execution on affected systems

Trust: 0.8

sources: JVNDB: JVNDB-2017-005867

DESCRIPTION

The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 2.2 through 3.17 contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an affected system can be used to exploit these vulnerabilities. The vulnerabilities are due to a buffer overflow condition in the SNMP subsystem of the affected software. The vulnerabilities affect all versions of SNMP: Versions 1, 2c, and 3. To exploit these vulnerabilities via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for the affected system. To exploit these vulnerabilities via SNMP Version 3, the attacker must have user credentials for the affected system. All devices that have enabled SNMP and have not explicitly excluded the affected MIBs or OIDs should be considered vulnerable. Cisco Bug IDs: CSCve57697. Cisco IOS and IOS XE Software are prone to multiple remote code-execution vulnerabilities. Failed exploit attempts may result in a denial of service condition; this can result in the attacker gaining complete control of the affected system. Simple Network Management Protocol (SNMP) subsystem is one of the simple network management subsystems used for network device management information exchange

Trust: 2.07

sources: NVD: CVE-2017-6736 // JVNDB: JVNDB-2017-005867 // BID: 99345 // VULHUB: VHN-114939 // VULMON: CVE-2017-6736

AFFECTED PRODUCTS

vendor:ciscomodel:ios xescope:gteversion:2.2.0

Trust: 1.0

vendor:ciscomodel:iosscope:lteversion:12.4

Trust: 1.0

vendor:ciscomodel:ios xescope:lteversion:3.17

Trust: 1.0

vendor:ciscomodel:iosscope:lteversion:15.6

Trust: 1.0

vendor:ciscomodel:iosscope:gteversion:12.0

Trust: 1.0

vendor:ciscomodel:iosscope:gteversion:15.0

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:12.0 to 12.4

Trust: 0.8

vendor:ciscomodel:iosscope:eqversion:15.0 to 15.6

Trust: 0.8

vendor:ciscomodel:ios xescope:eqversion:2.2 to 3.17

Trust: 0.8

vendor:ciscomodel:iosscope:eqversion:12.1\(19\)ec

Trust: 0.6

vendor:ciscomodel:iosscope:eqversion:12.1\(19\)e1

Trust: 0.6

vendor:ciscomodel:iosscope:eqversion:12.1\(19\)e4

Trust: 0.6

vendor:ciscomodel:iosscope:eqversion:12.1\(19\)e3

Trust: 0.6

vendor:ciscomodel:iosscope:eqversion:12.1\(19\)e2

Trust: 0.6

vendor:ciscomodel:iosscope:eqversion:12.1\(19\)

Trust: 0.6

vendor:ciscomodel:iosscope:eqversion:12.1\(18\)

Trust: 0.6

vendor:ciscomodel:iosscope:eqversion:12.1\(19\)e6

Trust: 0.6

vendor:ciscomodel:iosscope:eqversion:12.1\(19\)e7

Trust: 0.6

vendor:ciscomodel:iosscope:eqversion:12.1\(19\)e

Trust: 0.6

vendor:ciscomodel:ios xescope:eqversion:0

Trust: 0.3

vendor:ciscomodel:iosscope:eqversion:0

Trust: 0.3

sources: BID: 99345 // JVNDB: JVNDB-2017-005867 // CNNVD: CNNVD-201706-1229 // NVD: CVE-2017-6736

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-6736
value: HIGH

Trust: 1.0

NVD: CVE-2017-6736
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201706-1229
value: HIGH

Trust: 0.6

VULHUB: VHN-114939
value: HIGH

Trust: 0.1

VULMON: CVE-2017-6736
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-6736
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-114939
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-6736
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2017-6736
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-114939 // VULMON: CVE-2017-6736 // JVNDB: JVNDB-2017-005867 // CNNVD: CNNVD-201706-1229 // NVD: CVE-2017-6736

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-114939 // JVNDB: JVNDB-2017-005867 // NVD: CVE-2017-6736

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201706-1229

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201706-1229

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-005867

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-114939 // 
            
            
            
            VULMON: CVE-2017-6736

PATCH
title:cisco-sa-20170629-snmpurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170629-snmp
Trust: 0.8
title:Cisco IOS  and IOS XE Simple Network Management Protocol Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=71365
Trust: 0.6
title:Cisco: SNMP Remote Code Execution Vulnerabilities in Cisco IOS and IOS XE Softwareurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20170629-snmp
Trust: 0.1
title:cisco-snmp-rceurl:https://github.com/artkond/cisco-snmp-rce 
Trust: 0.1
title:CiscoSpectreTakeoverurl:https://github.com/GarnetSunset/CiscoSpectreTakeover 
Trust: 0.1
title:CiscoIOSSNMPToolkiturl:https://github.com/GarnetSunset/CiscoIOSSNMPToolkit 
Trust: 0.1
title:PentestNote-dark5url:https://github.com/52stu/PentestNote-dark5 
Trust: 0.1
sources:
            
            
            VULMON: CVE-2017-6736 // 
            
            
            
            JVNDB: JVNDB-2017-005867 // 
            
            
            
            CNNVD: CNNVD-201706-1229

EXTERNAL IDS
db:NVDid:CVE-2017-6736
Trust: 2.9
db:BIDid:99345
Trust: 1.4
db:EXPLOIT-DBid:43450
Trust: 1.1
db:SECTRACKid:1038808
Trust: 1.1
db:JVNDBid:JVNDB-2017-005867
Trust: 0.8
db:CNNVDid:CNNVD-201706-1229
Trust: 0.7
db:ICS CERTid:ICSA-17-208-04
Trust: 0.3
db:PACKETSTORMid:145727
Trust: 0.1
db:VULHUBid:VHN-114939
Trust: 0.1
db:VULMONid:CVE-2017-6736
Trust: 0.1
sources:
            
            
            VULHUB: VHN-114939 // 
            
            
            
            VULMON: CVE-2017-6736 // 
            
            
            
            BID: 99345 // 
            
            
            
            JVNDB: JVNDB-2017-005867 // 
            
            
            
            CNNVD: CNNVD-201706-1229 // 
            
            
            
            NVD: CVE-2017-6736

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170629-snmp
Trust: 2.0
url:http://www.securityfocus.com/bid/99345
Trust: 1.1
url:https://www.exploit-db.com/exploits/43450/
Trust: 1.1
url:https://github.com/artkond/cisco-snmp-rce
Trust: 1.1
url:http://www.securitytracker.com/id/1038808
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6736
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-6736
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
url:https://ics-cert.us-cert.gov/advisories/icsa-17-208-04
Trust: 0.3
sources:
            
            
            VULHUB: VHN-114939 // 
            
            
            
            BID: 99345 // 
            
            
            
            JVNDB: JVNDB-2017-005867 // 
            
            
            
            CNNVD: CNNVD-201706-1229 // 
            
            
            
            NVD: CVE-2017-6736

CREDITS
Cisco has released free software updates that address the vulnerabilities described in this advisory. Customers may only install and expect support for software versions and feature sets for which they have purchased a license. By installing, or otherwise using such software upgrades, accessing, or all advisories in the most recent bundled publication To determine whether a release is affected by any published Cisco Security Advisory, which are available from the Cisco Security Advisories and Alerts page, a specific advisory, that identifies any Cisco Security Advisories that impact a specific software release and the earliest release that fixes the vulnerabilities described in each advisory (“First Fixed”). If applicable, customers may only download software for which they have a valid license, additional software feature sets, customers are advised to regularly consult the advisories for Cisco products, the tool also returns the earliest release that fixes all the vulnerabilities described in all the advisories identified (“Combined First Fixed”). Customers can use this tool to perform the following tasks: Initiate a search by choosing one or more releases from a drop-down menu or uploading a file from a local system for the tool to parse Enter the output of the show version command for the tool to parse Create a custom search by including all previously published Cisco Security Advisories, or through a Cisco authorized reseller or partner. In most cases this will be a maintenance upgrade to software that was previously purchased. Free security software updates do not entitle customers to a new software license, the Cisco?IOS Software Checker, refer to the Cisco?IOS XE 2 Release Notes, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers. Customers Without Service Contracts Customers who purchase directly from Cisco but do not hold a Cisco service contract and customers who make purchases through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should obtain upgrades by contacting the Cisco TAC: http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html Customers should have the product serial number available and be prepared to provide the URL of this advisory as evidence of entitlement to a free upgrade. Cisco?IOS and IOS?XE Software To help customers determine their exposure to vulnerabilities in Cisco?IOS and IOS?XE Software, depending on the Cisco?IOS?XE Software release., Cisco?IOS XE 3S Release Notes, or Cisco?IOS XE 3SG Release Notes, Cisco provides a tool, use the Cisco?IOS Software Checker on Cisco.com or enter a Cisco?IOS Software or Cisco?IOS?XE Software release—for example, or major revision upgrades. When considering software upgrades, 15.1(4)M2 or 3.1.4S—in the following field: For a mapping of Cisco?IOS XE Software releases to Cisco?IOS Software releases, to determine exposure and a complete upgrade solution. In all cases, procured from Cisco directly, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, downloading, customers agree to follow the terms of the Cisco software license: http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html Additionally
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201706-1229

SOURCES
db:VULHUBid:VHN-114939
db:VULMONid:CVE-2017-6736
db:BIDid:99345
db:JVNDBid:JVNDB-2017-005867
db:CNNVDid:CNNVD-201706-1229
db:NVDid:CVE-2017-6736

LAST UPDATE DATE
2024-08-14T13:30:17.172000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-114939date:2018-01-08T00:00:00
db:VULMONid:CVE-2017-6736date:2018-01-08T00:00:00
db:BIDid:99345date:2017-06-29T00:00:00
db:JVNDBid:JVNDB-2017-005867date:2017-08-08T00:00:00
db:CNNVDid:CNNVD-201706-1229date:2019-04-18T00:00:00
db:NVDid:CVE-2017-6736date:2024-07-24T14:25:27.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-114939date:2017-07-17T00:00:00
db:VULMONid:CVE-2017-6736date:2017-07-17T00:00:00
db:BIDid:99345date:2017-06-29T00:00:00
db:JVNDBid:JVNDB-2017-005867date:2017-08-08T00:00:00
db:CNNVDid:CNNVD-201706-1229date:2017-06-29T00:00:00
db:NVDid:CVE-2017-6736date:2017-07-17T21:29:00.213