Details of VAR-201708-1322

ID

VAR-201708-1322

CVE

CVE-2017-6664

TITLE

Cisco IOS XE Vulnerability related to authorization, authority, and access control in software

Trust: 0.8

sources: JVNDB: JVNDB-2017-006805

DESCRIPTION

A vulnerability in the Autonomic Networking feature of Cisco IOS XE Software could allow an unauthenticated, remote, autonomic node to access the Autonomic Networking infrastructure of an affected system, after the certificate for the autonomic node has been revoked. This vulnerability affected devices that are running Release 16.x of Cisco IOS XE Software and are configured to use Autonomic Networking. This vulnerability does not affect devices that are running an earlier release of Cisco IOS XE Software or devices that are not configured to use Autonomic Networking. More Information: CSCvd22328. Known Affected Releases: 15.5(1)S3.1 Denali-16.2.1. Vendors have confirmed this vulnerability Bug ID CSCvd22328 It is released as.Information may be tampered with. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. Cisco IOSXESoftware's AutonomicNetworking feature has a security vulnerability that allows remote attackers to exploit a vulnerability to submit a special request revocation certificate for attack. An attacker may exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks. This issue is being tracked by Cisco Bug ID: CSCvd2232

Trust: 2.52

sources: NVD: CVE-2017-6664 // JVNDB: JVNDB-2017-006805 // CNVD: CNVD-2017-26174 // BID: 99986 // VULHUB: VHN-114867

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-26174

AFFECTED PRODUCTS

vendor:	cisco	model:	ios xe	scope:	eq	version:	3.18.0s	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.17.1s	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.16.2s	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.13.1s	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.14.0s	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.12.2s	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.13.5s	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.15.3s	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.6.1	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.10.8s	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.16.0s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.14.4s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.16.1as	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.13.2s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.5.1c	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.15.0s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.12.0s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.16.2as	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.13.4s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.14.2s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.12.1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.10.8as	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.15.2s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.14.1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.12.4s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.17.0s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.14.3s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.15.1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.12.3s	Trust: 1.0
vendor:	cisco	model:	ios 15.5 s3.1	scope:	-	version:	-	Trust: 0.9
vendor:	cisco	model:	ios xe	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.2.1	Trust: 0.6
vendor:	cisco	model:	ios	scope:	eq	version:	16.2.1	Trust: 0.3

sources: CNVD: CNVD-2017-26174 // BID: 99986 // JVNDB: JVNDB-2017-006805 // CNNVD: CNNVD-201707-1422 // NVD: CVE-2017-6664

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-6664
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-6664
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2017-26174
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201707-1422
value:	HIGH
Trust: 0.6
VULHUB:	VHN-114867
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-6664
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-26174
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-114867
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-6664
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2017-26174 // VULHUB: VHN-114867 // JVNDB: JVNDB-2017-006805 // CNNVD: CNNVD-201707-1422 // NVD: CVE-2017-6664

PROBLEMTYPE DATA

problemtype:	CWE-295	Trust: 1.1
problemtype:	CWE-264	Trust: 0.9

sources: VULHUB: VHN-114867 // JVNDB: JVNDB-2017-006805 // NVD: CVE-2017-6664

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201707-1422

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201707-1422

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-006805

PATCH

title:	cisco-sa-20170726-anicrl	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170726-anicrl	Trust: 0.8
title:	Cisco IOSXESoftwareANI certificate revocation vulnerability patch	url:	https://www.cnvd.org.cn/patchInfo/show/101840	Trust: 0.6

sources: CNVD: CNVD-2017-26174 // JVNDB: JVNDB-2017-006805

EXTERNAL IDS

db:	NVD	id:	CVE-2017-6664	Trust: 3.4
db:	BID	id:	99986	Trust: 2.6
db:	SECTRACK	id:	1038997	Trust: 1.7
db:	JVNDB	id:	JVNDB-2017-006805	Trust: 0.8
db:	CNVD	id:	CNVD-2017-26174	Trust: 0.6
db:	CNNVD	id:	CNNVD-201707-1422	Trust: 0.6
db:	VULHUB	id:	VHN-114867	Trust: 0.1

sources: CNVD: CNVD-2017-26174 // VULHUB: VHN-114867 // BID: 99986 // JVNDB: JVNDB-2017-006805 // CNNVD: CNNVD-201707-1422 // NVD: CVE-2017-6664

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170726-anicrl	Trust: 2.6
url:	http://www.securityfocus.com/bid/99986	Trust: 1.7
url:	http://www.securitytracker.com/id/1038997	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6664	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-6664	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: CNVD: CNVD-2017-26174 // VULHUB: VHN-114867 // BID: 99986 // JVNDB: JVNDB-2017-006805 // CNNVD: CNNVD-201707-1422 // NVD: CVE-2017-6664

CREDITS

Cisco by Omar Eissa of ERNW.

Trust: 0.9

sources: BID: 99986 // CNNVD: CNNVD-201707-1422

SOURCES

db:	CNVD	id:	CNVD-2017-26174
db:	VULHUB	id:	VHN-114867
db:	BID	id:	99986
db:	JVNDB	id:	JVNDB-2017-006805
db:	CNNVD	id:	CNNVD-201707-1422
db:	NVD	id:	CVE-2017-6664

LAST UPDATE DATE

2024-11-23T22:52:22.945000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-26174	date:	2017-09-12T00:00:00
db:	VULHUB	id:	VHN-114867	date:	2019-10-03T00:00:00
db:	BID	id:	99986	date:	2017-07-26T00:00:00
db:	JVNDB	id:	JVNDB-2017-006805	date:	2017-09-04T00:00:00
db:	CNNVD	id:	CNNVD-201707-1422	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2017-6664	date:	2024-11-21T03:30:15.293

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-26174	date:	2017-09-11T00:00:00
db:	VULHUB	id:	VHN-114867	date:	2017-08-07T00:00:00
db:	BID	id:	99986	date:	2017-07-26T00:00:00
db:	JVNDB	id:	JVNDB-2017-006805	date:	2017-09-04T00:00:00
db:	CNNVD	id:	CNNVD-201707-1422	date:	2017-07-31T00:00:00
db:	NVD	id:	CVE-2017-6664	date:	2017-08-07T06:29:00.263