CVE-2017-6615

A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS XE 3.16 could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a race condition that could occur when the affected software processes an SNMP read request that contains certain criteria for a specific object ID (OID) and an active crypto session is disconnected on an affected device. An attacker who can authenticate to an affected device could trigger this vulnerability by issuing an SNMP request for a specific OID on the device. A successful exploit will cause the device to restart due to an attempt to access an invalid memory region. The attacker does not control how or when crypto sessions are disconnected on the device. Cisco Bug IDs: CSCvb94392.

CVSS v3 6.3 MEDIUM
CVSS v2.0 6.3 MEDIUM

6.3^/10

CVSS v3 : MEDIUM

Vector : AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H

Exploitability : 1.8 / Impact : 4.0

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope CHANGED

6.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:S/C:N/I:N/A:C

Exploitability : 6.8 / Impact : 6.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
http://www.securityfocus.com/bid/97930	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1038328
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-ios-xe-snmp	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:cisco:ios_xe:3.16.0cs:::::::*
	cpe:2.3:o:cisco:ios_xe:3.16.0s:::::::*
	cpe:2.3:o:cisco:ios_xe:3.16.1as:::::::*
	cpe:2.3:o:cisco:ios_xe:3.16.1s:::::::*
	cpe:2.3:o:cisco:ios_xe:3.16.2s:::::::*

History

No history.

Information

Published : 2017-04-20 22:59

Updated : 2024-02-28 15:44

NVD link : CVE-2017-6615

Mitre link : CVE-2017-6615

CVE.ORG link : CVE-2017-6615

JSON object : View

Products Affected

cisco

ios_xe

CWE

CWE-125

Out-of-bounds Read

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CWE-399

Resource Management Errors

{"id": "CVE-2017-6615", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:C", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 6.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 4.0, "exploitabilityScore": 1.8}]}, "published": "2017-04-20T22:59:00.760", "references": [{"url": "http://www.securityfocus.com/bid/97930", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securitytracker.com/id/1038328", "source": "ykramarz@cisco.com"}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-ios-xe-snmp", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-125"}, {"lang": "en", "value": "CWE-362"}]}, {"type": "Secondary", "source": "ykramarz@cisco.com", "description": [{"lang": "en", "value": "CWE-399"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS XE 3.16 could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a race condition that could occur when the affected software processes an SNMP read request that contains certain criteria for a specific object ID (OID) and an active crypto session is disconnected on an affected device. An attacker who can authenticate to an affected device could trigger this vulnerability by issuing an SNMP request for a specific OID on the device. A successful exploit will cause the device to restart due to an attempt to access an invalid memory region. The attacker does not control how or when crypto sessions are disconnected on the device. Cisco Bug IDs: CSCvb94392."}, {"lang": "es", "value": "Una vulnerabilidad en el subsistema de Simple Network Management Protocol (SNMP) de Cisco IOS XE 3.16 podr\u00eda permitir a un atacante remoto autenticado provocar denegaci\u00f3n de servicio (DoS). La vulnerabilidad se debe a una condici\u00f3n de competencia que podr\u00eda ocurrir cuando el software afectado procesa una petici\u00f3n de lectura SNMP que contiene ciertos criterios para un ID de objeto espec\u00edfico (OID) y una sesi\u00f3n de cifrado activa se desconecta en un dispositivo afectado. Un atacante que pueda autenticarse en un dispositivo afectado podr\u00eda activar esta vulnerabilidad emitiendo una solicitud SNMP para un OID espec\u00edfico en el dispositivo. Una explotaci\u00f3n exitosa har\u00e1 que el dispositivo se reinicie debido a un intento de acceso a una regi\u00f3n de memoria no v\u00e1lida. El atacante no controla c\u00f3mo o cu\u00e1ndo se desconectan las sesiones de cifrado en el dispositivo. Cisco Bug IDs: CSCvb94392."}], "lastModified": "2019-10-03T00:03:26.223", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ios_xe:3.16.0cs:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5568EABF-8F43-4A87-8DE4-A03E9065BE53"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:3.16.0s:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A0E5BB91-B5E7-4961-87DC-26596E5EDED7"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:3.16.1as:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AC72AA6D-9E18-49F7-95CA-A4A5D7A60E4E"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:3.16.1s:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D3822447-EB80-4DF2-B7F2-471F55BA99C0"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:3.16.2s:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "970FD986-6D0E-441C-9BF3-C66A25763A7A"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}