CVE-2017-3853
Published 2017-03-22
Priority: P270 · critical · 9.8 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 8.71% (94.5th percentile)
A vulnerability in the Data-in-Motion (DMo) process installed with the Cisco IOx application environment could allow an unauthenticated, remote attacker to cause a stack overflow that could allow remote code execution with root privileges in the virtual instance running on an affected device. The vulnerability is due to insufficient bounds checking in the DMo process. An attacker could exploit this vulnerability by sending crafted packets that are forwarded to the DMo process for evaluation. The impacts of a successful exploit are limited to the scope of the virtual instance and do not impact the router that is hosting Cisco IOx. This vulnerability affects the following Cisco 800 Series Industrial Integrated Services Routers: Cisco IR809 and Cisco IR829. Cisco IOx Releases 1.0.0.0 and 1.1.0.0 are vulnerable. Cisco Bug IDs: CSCuy52330.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | iox | — | — |
| cisco | iox | — | — |
| cisco | iox_data_in_motion | — | — |
Detection & IOCs (extracted from sources)
- Detect crafted packets forwarded to the DMo (Data-in-Motion) process within the Cisco IOx application environment, which may indicate exploitation of the stack overflow vulnerability.
- Focus detection scope on the virtual instance running on Cisco IR809 and IR829 devices running Cisco IOx Releases 1.0.0.0 or 1.1.0.0, as these are the confirmed vulnerable targets.
- Monitor for stack overflow indicators (e.g., abnormal process crashes or restarts) specifically in the DMo process within the IOx virtual instance, as successful exploitation grants root privileges within that instance.
- Exploitation impact is contained to the IOx virtual instance and does not affect the host router itself; detection and triage should be scoped accordingly.
- No workarounds exist for this vulnerability; patching to a fixed Cisco IOx release is the only mitigation.
CVSS provenance
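| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| vendor_cisco | | 9.8 | CRITICAL | |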
Cisco
Cisco IOx Data in Motion Stack Overflow Vulnerability
vendor_cisco · 2017-03-22 · CVSS 9.8
CVE-2017-3853 [CRITICAL] CWE-119
Cisco has released software updates that address this vulnerability. There are no workarounds that addres
GHSA
GHSA-q7j7-c4rf-9cfp: A vulnerability in the Data-in-Motion (DMo) process installed with the Cisco IOx application environment could allow an unauthenticated, remote attack
ghsa_unreviewed · 2022-05-17
CVE-2017-3853 [CRITICAL] CWE-119
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
- http://www.securityfocus.com/bid/97011
- http://www.securitytracker.com/id/1038105
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170322-iox
Published: 2017-03-22