CVE-2017-6615
 
Public Exploits: 0
Exploited in Wild: -
Descriptions
A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS XE 3.16 could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a race condition that could occur when the affected software processes an SNMP read request that contains certain criteria for a specific object ID (OID) and an active crypto session is disconnected on an affected device. An attacker who can authenticate to an affected device could trigger this vulnerability by issuing an SNMP request for a specific OID on the device. A successful exploit will cause the device to restart due to an attempt to access an invalid memory region. The attacker does not control how or when crypto sessions are disconnected on the device. Cisco Bug IDs: CSCvb94392.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-03-09 CVE Reserved
- 2017-04-20 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-125: Out-of-bounds Read
- CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
- CWE-399: Resource Management Errors
CAPEC
References (3)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/97930 | Third Party Advisory | |
http://www.securitytracker.com/id/1038328 | Vdb Entry | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Cisco | IOS XE | 3.16.0cs | - | Affected |
Cisco | IOS XE | 3.16.0s | - | Affected |
Cisco | IOS XE | 3.16.1as | - | Affected |
Cisco | IOS XE | 3.16.1s | - | Affected |
Cisco | IOS XE | 3.16.2s | - | Affected |