CVE-2017-3860: Improper Restriction of Operations within the Bounds of a Memory Buffer in Cisco IOS

Severity: 8.6 HIGH (NVD)
EPSS: 0.7% (top 28.33%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 20; latest update May 17

Description

Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12.2 and 15.0 through 15.6) and Cisco IOS XE (3.2 through 3.18) could allow an unauthenticated, remote attacker to cause a buffer overflow condition or a reload of an affected device, leading to a denial of service (DoS) condition. These vulnerabilities are due to improper parsing of crafted EnergyWise packets destined to an affected device. An attacker could exploit these vulnerabilities by sending crafted EnergyWise packets to be

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 4.0

Affected Packages (2 packages)

NVD: cisco/ios (352 versions)
NVD: cisco/ios_xe (24 versions)

🔴 Vulnerability Details (2)

GHSA (2022-05-17): GHSA-f7gj-54hp-mr7v: Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12
CVEList (2017-04-20): CVE-2017-3860: Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12

📋 Vendor Advisories (1)

Cisco (2017-04-19): Cisco IOS and IOS XE Software EnergyWise Denial of Service Vulnerabilities