Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ciscoCiscoCISCO-SA-20170419-IOS-XE-SNMP
HistoryApr 19, 2017 - 4:00 p.m.

Cisco IOS and IOS XE Software Simple Network Management Protocol Subsystem Denial of Service Vulnerability

2017-04-1916:00:00
tools.cisco.com
20

EPSS

0.002

Percentile

58.9%

JSON

A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition.

The vulnerability is due to a race condition that could occur when the affected software processes an SNMP read request that contains certain criteria for a specific object ID (OID) and an active crypto session is disconnected on an affected device. An attacker who can authenticate to an affected device could trigger this vulnerability by issuing an SNMP request for a specific OID on the device. A successful exploit will cause the device to restart due to an attempt to access an invalid memory region. The attacker does not control how or when crypto sessions are disconnected on the device.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-ios-xe-snmp [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-ios-xe-snmp”]

Affected configurations

Vulners
Node
ciscocisco_ios_and_ios-xe_softwareMatch3.16s
OR
ciscocisco_ios_and_ios-xe_softwareMatch3.16.0s
OR
ciscocisco_ios_and_ios-xe_softwareMatch3.16.1s
OR
ciscocisco_ios_and_ios-xe_softwareMatch3.16.1as
OR
ciscocisco_ios_and_ios-xe_softwareMatch3.16.2s
OR
ciscocisco_ios_and_ios-xe_softwareMatch3.16.0cs
VendorProductVersionCPE
ciscocisco_ios_and_ios-xe_software3.16scpe:2.3:a:cisco:cisco_ios_and_ios-xe_software:3.16s:*:*:*:*:*:*:*
ciscocisco_ios_and_ios-xe_software3.16.0scpe:2.3:a:cisco:cisco_ios_and_ios-xe_software:3.16.0s:*:*:*:*:*:*:*
ciscocisco_ios_and_ios-xe_software3.16.1scpe:2.3:a:cisco:cisco_ios_and_ios-xe_software:3.16.1s:*:*:*:*:*:*:*
ciscocisco_ios_and_ios-xe_software3.16.1ascpe:2.3:a:cisco:cisco_ios_and_ios-xe_software:3.16.1as:*:*:*:*:*:*:*
ciscocisco_ios_and_ios-xe_software3.16.2scpe:2.3:a:cisco:cisco_ios_and_ios-xe_software:3.16.2s:*:*:*:*:*:*:*
ciscocisco_ios_and_ios-xe_software3.16.0cscpe:2.3:a:cisco:cisco_ios_and_ios-xe_software:3.16.0cs:*:*:*:*:*:*:*

Related

cve 1
prion 1
openvas 1
nvd 1
cvelist 1
cve
cve
CVE-2017-6615
2017-04-20 22:59:00
prion
prion
Race condition
2017-04-20 22:59:00
openvas
openvas
Cisco IOS XE Software Simple Network Management Protocol Subsystem Denial of Service Vulnerability
2017-04-20 00:00:00
nvd
nvd
CVE-2017-6615
2017-04-20 22:59:00
cvelist
cvelist
CVE-2017-6615
2017-04-20 22:00:00

EPSS

0.002

Percentile

58.9%

JSON
Related for CISCO-SA-20170419-IOS-XE-SNMP
cve1prion1openvas1nvd1cvelist1