CVE-2017-6666 : A vulnerability in the forwarding component of Cisco IOS XR Software for Cisco N

A vulnerability in the forwarding component of Cisco IOS XR Software for Cisco Network Convergence System (NCS) 5500 Series Routers could allow an authenticated, local attacker to cause the router to stop forwarding data traffic across Traffic Engineering (TE) tunnels, resulting in a denial of service (DoS) condition. More Information: CSCvd16665. Known Affected Releases: 6.2.11.BASE. Known Fixed Releases: 6.1.3 6.1.2 6.3.1.8i.BASE 6.2.11.8i.BASE 6.2.2.9i.BASE 6.1.32.11i.BASE 6.1.31.10i.BASE 6.1.4.3i.BASE.

Published 2017-06-13 06:29:01

Updated 2019-10-03 00:03:26

Source Cisco Systems, Inc.

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2017-6666

Cisco » Ios Xr » Version: 6.0.0
cpe:2.3:o:cisco:ios_xr:6.0.0:*:*:*:*:*:*:*
Matching versions
Cisco » Ios Xr » Version: 6.0.1
cpe:2.3:o:cisco:ios_xr:6.0.1:*:*:*:*:*:*:*
Matching versions
Cisco » Ios Xr » Version: 6.0 Base
cpe:2.3:o:cisco:ios_xr:6.0_base:*:*:*:*:*:*:*
Matching versions
Cisco » Ios Xr » Version: 6.1.1
cpe:2.3:o:cisco:ios_xr:6.1.1:*:*:*:*:*:*:*
Matching versions
Cisco » Ios Xr » Version: 6.1.0
cpe:2.3:o:cisco:ios_xr:6.1.0:*:*:*:*:*:*:*
Matching versions
Cisco » Ios Xr » Version: 6.2.1
cpe:2.3:o:cisco:ios_xr:6.2.1:*:*:*:*:*:*:*
Matching versions
Cisco » Ios Xr » Version: 6.2.0
cpe:2.3:o:cisco:ios_xr:6.2.0:*:*:*:*:*:*:*
Matching versions
Cisco » Ios Xr » Version: 6.1.2
cpe:2.3:o:cisco:ios_xr:6.1.2:*:*:*:*:*:*:*
Matching versions
Cisco » Ios Xr » Version: 6.1.3
cpe:2.3:o:cisco:ios_xr:6.1.3:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2017-6666

EPSS FAQ

0.07%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 20 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2017-6666

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
1.9	LOW	AV:L/AC:M/Au:N/C:N/I:N/A:P	3.4	2.9	NIST
Access Vector: Local Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial
6.0	MEDIUM	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H	1.5	4.0	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Changed Confidentiality: None Integrity: None Availability: High

References for CVE-2017-6666

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-ncs

Cisco Network Convergence System 5500 Series Routers Local Denial of Service Vulnerability
Mitigation;Vendor Advisory
http://www.securitytracker.com/id/1038630

Cisco IOS XR on Network Convergence System 5500 Series Routers Lets Local Users Cause Denial of Service Conditions - SecurityTracker
http://www.securityfocus.com/bid/98987

Cisco IOS XR Software CVE-2017-6666 Local Denial of Service Vulnerability
Third Party Advisory;VDB Entry

Jump to

Vulnerability Details : CVE-2017-6666

Products affected by CVE-2017-6666

Exploit prediction scoring system (EPSS) score for CVE-2017-6666

CVSS scores for CVE-2017-6666

References for CVE-2017-6666