CVE-2017-6615

Severity Score

6.3

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS XE 3.16 could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a race condition that could occur when the affected software processes an SNMP read request that contains certain criteria for a specific object ID (OID) and an active crypto session is disconnected on an affected device. An attacker who can authenticate to an affected device could trigger this vulnerability by issuing an SNMP request for a specific OID on the device. A successful exploit will cause the device to restart due to an attempt to access an invalid memory region. The attacker does not control how or when crypto sessions are disconnected on the device. Cisco Bug IDs: CSCvb94392.

Una vulnerabilidad en el subsistema de Simple Network Management Protocol (SNMP) de Cisco IOS XE 3.16 podría permitir a un atacante remoto autenticado provocar denegación de servicio (DoS). La vulnerabilidad se debe a una condición de competencia que podría ocurrir cuando el software afectado procesa una petición de lectura SNMP que contiene ciertos criterios para un ID de objeto específico (OID) y una sesión de cifrado activa se desconecta en un dispositivo afectado. Un atacante que pueda autenticarse en un dispositivo afectado podría activar esta vulnerabilidad emitiendo una solicitud SNMP para un OID específico en el dispositivo. Una explotación exitosa hará que el dispositivo se reinicie debido a un intento de acceso a una región de memoria no válida. El atacante no controla cómo o cuándo se desconectan las sesiones de cifrado en el dispositivo. Cisco Bug IDs: CSCvb94392.

*Credits: N/A

Attack Vector

Network

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Medium

Authentication

Single

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2017-03-09 CVE Reserved
2017-04-20 CVE Published
2023-03-07 EPSS Updated
2024-08-05 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-125: Out-of-bounds Read
CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE-399: Resource Management Errors

CAPEC

References (3)

URL	Tag	Source
http://www.securityfocus.com/bid/97930	Third Party Advisory
http://www.securitytracker.com/id/1038328	Vdb Entry

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-ios-xe-snmp	2019-10-03

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Cisco Search vendor "Cisco"		Ios Xe Search vendor "Cisco" for product "Ios Xe"				3.16.0cs Search vendor "Cisco" for product "Ios Xe" and version "3.16.0cs"		-		Affected
Cisco Search vendor "Cisco"		Ios Xe Search vendor "Cisco" for product "Ios Xe"				3.16.0s Search vendor "Cisco" for product "Ios Xe" and version "3.16.0s"		-		Affected
Cisco Search vendor "Cisco"		Ios Xe Search vendor "Cisco" for product "Ios Xe"				3.16.1as Search vendor "Cisco" for product "Ios Xe" and version "3.16.1as"		-		Affected
Cisco Search vendor "Cisco"		Ios Xe Search vendor "Cisco" for product "Ios Xe"				3.16.1s Search vendor "Cisco" for product "Ios Xe" and version "3.16.1s"		-		Affected
Cisco Search vendor "Cisco"		Ios Xe Search vendor "Cisco" for product "Ios Xe"				3.16.2s Search vendor "Cisco" for product "Ios Xe" and version "3.16.2s"		-		Affected