CVE-2017-3820 — Improper Initialization in Cisco IOS XE

CWE-665 — Improper Initialization CWE-3996 documents5 sources

Severity

6.5MEDIUMNVD

OSV8.1OSV7.8

EPSS

0.6%

top 30.00%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gnome Gnome-shell Cisco IOS XE

Timeline

PublishedFeb 3

Latest updateOct 3

Description

A vulnerability in Simple Network Management Protocol (SNMP) functions of Cisco ASR 1000 Series Aggregation Services Routers running Cisco IOS XE Software Release 3.13.6S, 3.16.2S, or 3.17.1S could allow an authenticated, remote attacker to cause high CPU usage on an affected device, resulting in a denial of service (DoS) condition. More Information: CSCux68796. Known Affected Releases: 15.5(3)S2.1 15.6(1)S1.1. Known Fixed Releases: 15.4(3)S6.1 15.4(3)S6.2 15.5(3)S2.2 15.5(3)S3 15.6(0.22)S0.23 1…

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶NVDcisco/ios_xe3.13.6s, 3.16.2s, 3.17.1s+2

▶Ubuntugnome/gnome-shell< 3.18.5-0ubuntu0.3+esm1

🔴Vulnerability Details

OSV

gnome-shell vulnerabilities↗2024-10-03

▶

GHSA

GHSA-4jfr-3638-m4hp: A vulnerability in Simple Network Management Protocol (SNMP) functions of Cisco ASR 1000 Series Aggregation Services Routers running Cisco IOS XE Soft↗2022-05-13

▶

OSV

linux-hwe, linux-azure, linux-gcp vulnerabilities↗2018-11-14

▶

CVEList

CVE-2017-3820: A vulnerability in Simple Network Management Protocol (SNMP) functions of Cisco ASR 1000 Series Aggregation Services Routers running Cisco IOS XE Soft↗2017-02-03

▶

📋Vendor Advisories

Cisco

Cisco ASR 1000 Series Aggregation Services Routers SNMP High CPU Denial of Service Vulnerability↗2017-02-01

▶