CVE-2017-3803Missing Release of Resource after Effective Lifetime in Cisco IOS

CWE-772Missing Release of Resource after Effective LifetimeCWE-3994 documents4 sources
Severity
4.7MEDIUMNVD
EPSS
0.2%
top 61.62%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco IOSCisco IOS
Timeline
PublishedJan 26
Latest updateMay 13

Description

A vulnerability in the Cisco IOS Software forwarding queue of Cisco 2960X and 3750X switches could allow an unauthenticated, adjacent attacker to cause a memory leak in the software forwarding queue that would eventually lead to a partial denial of service (DoS) condition. More Information: CSCva72252. Known Affected Releases: 15.2(2)E3 15.2(4)E1. Known Fixed Releases: 15.2(2)E6 15.2(4)E3 15.2(5)E1 15.2(5.3.28i)E1 15.2(6.0.49i)E 3.9(1)E.

CVSS vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:LExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

NVDcisco/ios15.2\(2\)e3, 15.2\(4\)e1+1
CVEListV5cisco/cisco_iosCisco IOS

🔴Vulnerability Details

2
GHSA
GHSA-94r3-gpvr-mxj8: A vulnerability in the Cisco IOS Software forwarding queue of Cisco 2960X and 3750X switches could allow an unauthenticated, adjacent attacker to caus2022-05-13
CVEList
CVE-2017-3803: A vulnerability in the Cisco IOS Software forwarding queue of Cisco 2960X and 3750X switches could allow an unauthenticated, adjacent attacker to caus2017-01-26

📋Vendor Advisories

1
Cisco
Cisco IOS for Catalyst 2960X and 3750X Switches Denial of Service Vulnerability2017-01-18
CVE-2017-3803 — Cisco IOS vulnerability | cvebase