Vulnerability Details : CVE-2017-3859
A vulnerability in the DHCP code for the Zero Touch Provisioning feature of Cisco ASR 920 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a format string vulnerability when processing a crafted DHCP packet for Zero Touch Provisioning. An attacker could exploit this vulnerability by sending a specially crafted DHCP packet to an affected device. An exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition. This vulnerability affects Cisco ASR 920 Series Aggregation Services Routers that are running an affected release of Cisco IOS XE Software (3.13 through 3.18) and are listening on the DHCP server port. By default, the devices do not listen on the DHCP server port. Cisco Bug IDs: CSCuy56385.
Vulnerability category: OverflowDenial of service
Products affected by CVE-2017-3859
- cpe:2.3:o:cisco:ios_xe:3.16.3s:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xe:3.13.5s:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xe:3.16.2s:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xe:3.17.1s:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xe:3.17.0s:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xe:3.16.2as:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xe:3.16.0s:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xe:3.14.4s:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xe:3.14.3s:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xe:3.16.0cs:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xe:3.15.3s:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xe:3.16.1as:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xe:3.13.4s:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xe:3.16.1s:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xe:3.15.2s:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xe:3.17.2s:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xe:3.16.2bs:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xe:3.17.1as:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xe:3.13.5as:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xe:3.15.4s:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xe:3.18.0s:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xe:3.18.1s:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xe:3.16.3as:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xe:3.18.0sp:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xe:3.13.6s:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xe:3.18.0as:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xe:3.18.1sp:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xe:3.18.3vs:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xe:3.18.2s:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xe:3.18.1csp:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xe:3.13.6as:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xe:3.18.1asp:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ios_xe:3.18.1bsp:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-3859
0.36%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 68 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-3859
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.8
|
HIGH | AV:N/AC:L/Au:N/C:N/I:N/A:C |
10.0
|
6.9
|
NIST | |
7.5
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
3.9
|
3.6
|
NIST |
CWE ids for CVE-2017-3859
-
The product uses a function that accepts a format string as an argument, but the format string originates from an external source.Assigned by:
- nvd@nist.gov (Primary)
- ykramarz@cisco.com (Secondary)
References for CVE-2017-3859
-
http://www.securitytracker.com/id/1038104
Cisco IOS XE for Cisco ASR 920 Series Routers Format String Bug in Zero Touch Provisioning Lets Remote Users Cause the Target System to Reload - SecurityTracker
-
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170322-ztp
Cisco IOS XE Software for Cisco ASR 920 Series Routers Zero Touch Provisioning Denial of Service VulnerabilityVendor Advisory
-
http://www.securityfocus.com/bid/97008
Cisco IOS XE Software CVE-2017-3859 Denial of Service VulnerabilityThird Party Advisory;VDB Entry
Jump to