Lucene search

CiscoCVE-2017-3856

HistoryMar 22, 2017 - 7:59 p.m.

CVE-2017-3856

2017-03-2219:59:00

CWE-400

CWE-399

cisco

web.nvd.nist.gov

cve-2017-3856

cisco

vulnerability

web user interface

ios xe

denial of service

nvd

remote attacker

dos

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.004

Percentile

72.1%

JSON

A vulnerability in the web user interface of Cisco IOS XE 3.1 through 3.17 could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to insufficient resource handling by the affected software when the web user interface is under a high load. An attacker could exploit this vulnerability by sending a high number of requests to the web user interface of the affected software. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. To exploit this vulnerability, the attacker must have access to the management interface of the affected software, which is typically connected to a restricted management network. This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS XE Software, if the web user interface of the software is enabled. By default, the web user interface is not enabled. Cisco Bug IDs: CSCup70353.

Affected configurations

Nvd

Node

ciscoios_xeMatch3.1.0s

ciscoios_xeMatch3.1.0sg

ciscoios_xeMatch3.1.1s

ciscoios_xeMatch3.1.1sg

ciscoios_xeMatch3.1.2s

ciscoios_xeMatch3.1.3as

ciscoios_xeMatch3.1.3s

ciscoios_xeMatch3.1.4as

ciscoios_xeMatch3.1.4s

ciscoios_xeMatch3.1s

ciscoios_xeMatch3.1sg

ciscoios_xeMatch3.2.0ja

ciscoios_xeMatch3.2.0se

ciscoios_xeMatch3.2.0sg

ciscoios_xeMatch3.2.0xo

ciscoios_xeMatch3.2.1s

ciscoios_xeMatch3.2.1se

ciscoios_xeMatch3.2.1sg

ciscoios_xeMatch3.2.1xo

ciscoios_xeMatch3.2.2s

ciscoios_xeMatch3.2.2se

ciscoios_xeMatch3.2.2sg

ciscoios_xeMatch3.2.3se

ciscoios_xeMatch3.2.3sg

ciscoios_xeMatch3.2.4sg

ciscoios_xeMatch3.2.5sg

ciscoios_xeMatch3.2.6sg

ciscoios_xeMatch3.2.7sg

ciscoios_xeMatch3.2.8sg

ciscoios_xeMatch3.2.9sg

ciscoios_xeMatch3.2.11sg

ciscoios_xeMatch3.2ja

ciscoios_xeMatch3.2s

ciscoios_xeMatch3.2se

ciscoios_xeMatch3.2sg

ciscoios_xeMatch3.2xo

ciscoios_xeMatch3.3.0s

ciscoios_xeMatch3.3.0se

ciscoios_xeMatch3.3.0sg

ciscoios_xeMatch3.3.0sq

ciscoios_xeMatch3.3.0xo

ciscoios_xeMatch3.3.1s

ciscoios_xeMatch3.3.1se

ciscoios_xeMatch3.3.1sg

ciscoios_xeMatch3.3.1sq

ciscoios_xeMatch3.3.1xo

ciscoios_xeMatch3.3.2s

ciscoios_xeMatch3.3.2se

ciscoios_xeMatch3.3.2sg

ciscoios_xeMatch3.3.2xo

ciscoios_xeMatch3.3.3se

ciscoios_xeMatch3.3.4se

ciscoios_xeMatch3.3.5se

ciscoios_xeMatch3.3s

ciscoios_xeMatch3.3se

ciscoios_xeMatch3.3sg

ciscoios_xeMatch3.3sq

ciscoios_xeMatch3.3xo

ciscoios_xeMatch3.4.0as

ciscoios_xeMatch3.4.0s

ciscoios_xeMatch3.4.0sg

ciscoios_xeMatch3.4.0sq

ciscoios_xeMatch3.4.1s

ciscoios_xeMatch3.4.1sg

ciscoios_xeMatch3.4.1sq

ciscoios_xeMatch3.4.2s

ciscoios_xeMatch3.4.2sg

ciscoios_xeMatch3.4.3s

ciscoios_xeMatch3.4.3sg

ciscoios_xeMatch3.4.4s

ciscoios_xeMatch3.4.4sg

ciscoios_xeMatch3.4.5s

ciscoios_xeMatch3.4.5sg

ciscoios_xeMatch3.4.6s

ciscoios_xeMatch3.4.6sg

ciscoios_xeMatch3.4.7sg

ciscoios_xeMatch3.4.8sg

ciscoios_xeMatch3.4s

ciscoios_xeMatch3.4sg

ciscoios_xeMatch3.4sq

ciscoios_xeMatch3.5.0e

ciscoios_xeMatch3.5.0s

ciscoios_xeMatch3.5.0sq

ciscoios_xeMatch3.5.1e

ciscoios_xeMatch3.5.1s

ciscoios_xeMatch3.5.1sq

ciscoios_xeMatch3.5.2e

ciscoios_xeMatch3.5.2s

ciscoios_xeMatch3.5.2sq

ciscoios_xeMatch3.5.3e

ciscoios_xeMatch3.5.3sq

ciscoios_xeMatch3.5.4sq

ciscoios_xeMatch3.5.5sq

ciscoios_xeMatch3.5e

ciscoios_xeMatch3.5s

ciscoios_xeMatch3.5sq

ciscoios_xeMatch3.6.0e

ciscoios_xeMatch3.6.0s

ciscoios_xeMatch3.6.1e

ciscoios_xeMatch3.6.1s

ciscoios_xeMatch3.6.2ae

ciscoios_xeMatch3.6.2s

ciscoios_xeMatch3.6.3e

ciscoios_xeMatch3.6.4e

ciscoios_xeMatch3.6.5ae

ciscoios_xeMatch3.6.5be

ciscoios_xeMatch3.6.5e

ciscoios_xeMatch3.6e

ciscoios_xeMatch3.6s

ciscoios_xeMatch3.7.0bs

ciscoios_xeMatch3.7.0e

ciscoios_xeMatch3.7.0s

ciscoios_xeMatch3.7.1e

ciscoios_xeMatch3.7.1s

ciscoios_xeMatch3.7.2e

ciscoios_xeMatch3.7.2s

ciscoios_xeMatch3.7.2ts

ciscoios_xeMatch3.7.3e

ciscoios_xeMatch3.7.3s

ciscoios_xeMatch3.7.4e

ciscoios_xeMatch3.7.4s

ciscoios_xeMatch3.7.5s

ciscoios_xeMatch3.7.6s

ciscoios_xeMatch3.7.7s

ciscoios_xeMatch3.7e

ciscoios_xeMatch3.7s

ciscoios_xeMatch3.8.0e

ciscoios_xeMatch3.8.0ex

ciscoios_xeMatch3.8.0s

ciscoios_xeMatch3.8.1e

ciscoios_xeMatch3.8.1s

ciscoios_xeMatch3.8.2e

ciscoios_xeMatch3.8.2s

ciscoios_xeMatch3.8e

ciscoios_xeMatch3.8ex

ciscoios_xeMatch3.8s

ciscoios_xeMatch3.9.0e

ciscoios_xeMatch3.9.0s

ciscoios_xeMatch3.9.1s

ciscoios_xeMatch3.9.2s

ciscoios_xeMatch3.9e

ciscoios_xeMatch3.9s

ciscoios_xeMatch3.10.0s

ciscoios_xeMatch3.10.1s

ciscoios_xeMatch3.10.1xbs

ciscoios_xeMatch3.10.2s

ciscoios_xeMatch3.10.2ts

ciscoios_xeMatch3.10.3s

ciscoios_xeMatch3.10.4s

ciscoios_xeMatch3.10.5s

ciscoios_xeMatch3.10.6s

ciscoios_xeMatch3.10.7s

ciscoios_xeMatch3.10.8s

ciscoios_xeMatch3.10s

ciscoios_xeMatch3.11.0s

ciscoios_xeMatch3.11.1s

ciscoios_xeMatch3.11.2s

ciscoios_xeMatch3.11.3s

ciscoios_xeMatch3.11.4s

ciscoios_xeMatch3.11s

ciscoios_xeMatch3.12.0as

ciscoios_xeMatch3.12.0s

ciscoios_xeMatch3.12.1s

ciscoios_xeMatch3.12.2s

ciscoios_xeMatch3.12.3s

ciscoios_xeMatch3.12.4s

ciscoios_xeMatch3.12s

ciscoios_xeMatch3.13.0as

ciscoios_xeMatch3.13.0s

ciscoios_xeMatch3.13.1s

ciscoios_xeMatch3.13.2as

ciscoios_xeMatch3.13.2s

ciscoios_xeMatch3.13.3s

ciscoios_xeMatch3.13.4s

ciscoios_xeMatch3.13s

ciscoios_xeMatch3.14.0s

ciscoios_xeMatch3.14.1s

ciscoios_xeMatch3.14.2s

ciscoios_xeMatch3.14.3s

ciscoios_xeMatch3.14.4s

ciscoios_xeMatch3.14s

ciscoios_xeMatch3.15.0s

ciscoios_xeMatch3.15.1cs

ciscoios_xeMatch3.15.1s

ciscoios_xeMatch3.15.2s

ciscoios_xeMatch3.15.3s

ciscoios_xeMatch3.15s

ciscoios_xeMatch3.16.0cs

ciscoios_xeMatch3.16.0s

ciscoios_xeMatch3.16.1as

ciscoios_xeMatch3.16.1s

ciscoios_xeMatch3.16s

ciscoios_xeMatch3.17.0s

ciscoios_xeMatch3.17.1as

ciscoios_xeMatch3.17.1s

ciscoios_xeMatch3.17.2s

ciscoios_xeMatch3.17.3s

ciscoios_xeMatch3.17s

VendorProductVersionCPE
ciscoios_xe3.1.0scpe:2.3:o:cisco:ios_xe:3.1.0s:*:*:*:*:*:*:*
ciscoios_xe3.1.0sgcpe:2.3:o:cisco:ios_xe:3.1.0sg:*:*:*:*:*:*:*
ciscoios_xe3.1.1scpe:2.3:o:cisco:ios_xe:3.1.1s:*:*:*:*:*:*:*
ciscoios_xe3.1.1sgcpe:2.3:o:cisco:ios_xe:3.1.1sg:*:*:*:*:*:*:*
ciscoios_xe3.1.2scpe:2.3:o:cisco:ios_xe:3.1.2s:*:*:*:*:*:*:*
ciscoios_xe3.1.3ascpe:2.3:o:cisco:ios_xe:3.1.3as:*:*:*:*:*:*:*
ciscoios_xe3.1.3scpe:2.3:o:cisco:ios_xe:3.1.3s:*:*:*:*:*:*:*
ciscoios_xe3.1.4ascpe:2.3:o:cisco:ios_xe:3.1.4as:*:*:*:*:*:*:*
ciscoios_xe3.1.4scpe:2.3:o:cisco:ios_xe:3.1.4s:*:*:*:*:*:*:*
ciscoios_xe3.1scpe:2.3:o:cisco:ios_xe:3.1s:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	ios_xe	3.1.0s	cpe:2.3:o:cisco:ios_xe:3.1.0s:::::::*
cisco	ios_xe	3.1.0sg	cpe:2.3:o:cisco:ios_xe:3.1.0sg:::::::*
cisco	ios_xe	3.1.1s	cpe:2.3:o:cisco:ios_xe:3.1.1s:::::::*
cisco	ios_xe	3.1.1sg	cpe:2.3:o:cisco:ios_xe:3.1.1sg:::::::*
cisco	ios_xe	3.1.2s	cpe:2.3:o:cisco:ios_xe:3.1.2s:::::::*
cisco	ios_xe	3.1.3as	cpe:2.3:o:cisco:ios_xe:3.1.3as:::::::*
cisco	ios_xe	3.1.3s	cpe:2.3:o:cisco:ios_xe:3.1.3s:::::::*
cisco	ios_xe	3.1.4as	cpe:2.3:o:cisco:ios_xe:3.1.4as:::::::*
cisco	ios_xe	3.1.4s	cpe:2.3:o:cisco:ios_xe:3.1.4s:::::::*
cisco	ios_xe	3.1s	cpe:2.3:o:cisco:ios_xe:3.1s:::::::*

Rows per page:

1-10 of 1981

CNA Affected

[
  {
    "product": "Cisco IOS XE",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Cisco IOS XE"
      }
    ]
  }
]

References

www.securityfocus.com/bid/97007

www.securitytracker.com/id/1038101

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170322-webui

Social References

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.004

Percentile

72.1%

JSON

Related for CVE-2017-3856