CVE-2017-6615 : A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS XE 3.16 could allow an authentic

A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS XE 3.16 could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a race condition that could occur when the affected software processes an SNMP read request that contains certain criteria for a specific object ID (OID) and an active crypto session is disconnected on an affected device. An attacker who can authenticate to an affected device could trigger this vulnerability by issuing an SNMP request for a specific OID on the device. A successful exploit will cause the device to restart due to an attempt to access an invalid memory region. The attacker does not control how or when crypto sessions are disconnected on the device. Cisco Bug IDs: CSCvb94392.

Published 2017-04-20 22:59:01

Updated 2019-10-03 00:03:26

Source Cisco Systems, Inc.

View at NVD, CVE.org

Vulnerability category: Denial of service

Exploit prediction scoring system (EPSS) score for CVE-2017-6615

Probability of exploitation activity in the next 30 days: 0.21%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 58 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2017-6615

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.3	MEDIUM	AV:N/AC:M/Au:S/C:N/I:N/A:C	6.8	6.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: Single Confidentiality Impact: None Integrity Impact: None Availability Impact: Complete
6.3	MEDIUM	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H	1.8	4.0	NIST
Attack Vector: Network Attack Complexity: High Privileges Required: Low User Interaction: None Scope: Changed Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2017-6615

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

Assigned by: nvd@nist.gov (Primary)
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

Assigned by: nvd@nist.gov (Primary)
CWE-399

Assigned by: ykramarz@cisco.com (Secondary)

References for CVE-2017-6615

http://www.securityfocus.com/bid/97930

Cisco IOS XE Software CVE-2017-6615 Denial of Service Vulnerability
Third Party Advisory;VDB Entry
http://www.securitytracker.com/id/1038328

Cisco IOS XE SNMP Race Condition Lets Remote Authenticated Users Cause the Target System to Restart - SecurityTracker
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-ios-xe-snmp

Cisco IOS and IOS XE Software Simple Network Management Protocol Subsystem Denial of Service Vulnerability
Vendor Advisory

Products affected by CVE-2017-6615

Cisco » Ios Xe » Version: 3.16.2s
cpe:2.3:o:cisco:ios_xe:3.16.2s:*:*:*:*:*:*:*
Matching versions
Cisco » Ios Xe » Version: 3.16.0s
cpe:2.3:o:cisco:ios_xe:3.16.0s:*:*:*:*:*:*:*
Matching versions
Cisco » Ios Xe » Version: 3.16.0cs
cpe:2.3:o:cisco:ios_xe:3.16.0cs:*:*:*:*:*:*:*
Matching versions
Cisco » Ios Xe » Version: 3.16.1as
cpe:2.3:o:cisco:ios_xe:3.16.1as:*:*:*:*:*:*:*
Matching versions
Cisco » Ios Xe » Version: 3.16.1s
cpe:2.3:o:cisco:ios_xe:3.16.1s:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2017-6615

Exploit prediction scoring system (EPSS) score for CVE-2017-6615

CVSS scores for CVE-2017-6615

CWE ids for CVE-2017-6615

References for CVE-2017-6615

Products affected by CVE-2017-6615