CVE-2017-3824: Improper Restriction of Operations within the Bounds of a Memory Buffer in Cisco IOS XE

Severity: 6.8 MEDIUM (NVD)
EPSS: 0.5% (top 32.29%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Feb 3
Latest update: May 17

Description

A vulnerability in the handling of list headers in Cisco cBR Series Converged Broadband Routers could allow an unauthenticated, remote attacker to cause the device to reload, resulting in a denial of service (DoS) condition. Cisco cBR-8 Converged Broadband Routers running vulnerable versions of Cisco IOS XE are affected. More Information: CSCux40637. Known Affected Releases: 15.5(3)S 15.6(1)S. Known Fixed Releases: 15.5(3)S2 15.6(1)S1 15.6(2)S 15.6(2)SP 16.4(1).

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H
Exploitability: 2.2 | Impact: 4.0

Affected Packages (1 package)

NVD: cisco/ios_xe 3.16.0, 3.16.1, 3.17.0 +2

Vulnerability Details (2)

GHSA (2022-05-17): GHSA-m9rq-2938-mw9p: A vulnerability in the handling of list headers in Cisco cBR Series Converged Broadband Routers could allow an unauthenticated, remote attacker to cau…
CVEList (2017-02-03): CVE-2017-3824: A vulnerability in the handling of list headers in Cisco cBR Series Converged Broadband Routers could allow an unauthenticated, remote attacker to cau…

Vendor Advisories (1)

Cisco (2017-02-01): Cisco cBR Series Converged Broadband Routers List Headers Denial of Service Vulnerability