Vulnerability Details : CVE-2017-6655
A vulnerability in the Fibre Channel over Ethernet (FCoE) protocol implementation in Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition when an FCoE-related process unexpectedly reloads. This vulnerability affects Cisco NX-OS Software on the following Cisco devices when they are configured for FCoE: Multilayer Director Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches. More Information: CSCvc91729. Known Affected Releases: 8.3(0)CV(0.833). Known Fixed Releases: 8.3(0)ISH(0.62) 8.3(0)CV(0.944) 8.1(1) 8.1(0.8)S0 7.3(2)D1(0.47).
Vulnerability category: OverflowDenial of service
Products affected by CVE-2017-6655
- cpe:2.3:o:cisco:nx-os:8.0\(1\)s2:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:nx-os:8.3\(0\)cv\(0.833\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:nx-os_for_nexus_5500_platform_switches:7.3\(1\)n1\(1\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:mds_9000_nx-os:7.3\(1\)d1\(1\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:nx-os_for_nexus_5600_platform_switches:7.3\(1\)n1\(1\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:nx-os_for_nexus_7700_series_switches:8.0\(1\)\(ed\):*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-6655
0.10%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 41 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-6655
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
3.3
|
LOW | AV:A/AC:L/Au:N/C:N/I:N/A:P |
6.5
|
2.9
|
NIST | |
6.5
|
MEDIUM | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
2.8
|
3.6
|
NIST |
CWE ids for CVE-2017-6655
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-6655
-
http://www.securitytracker.com/id/1038628
Cisco NX-OS Fibre Channel over Ethernet Frame Validation Bug Lets Remote Users Cause the Target System to Crash - SecurityTrackerThird Party Advisory;VDB Entry
-
http://www.securityfocus.com/bid/98991
Cisco NX-OS Software CVE-2017-6655 Denial of Service VulnerabilityThird Party Advisory;VDB Entry
-
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-nxos
Cisco NX-OS Software Fibre Channel over Ethernet Denial of Service VulnerabilityVendor Advisory
Jump to