⚠ Actively exploited
Added to CISA KEV on 2022-03-03. Federal agencies required to patch by 2022-03-24. Required action: Apply updates per vendor instructions..

CVE-2017-6663Cisco IOS vulnerability

6 documents6 sources
Severity
6.5MEDIUMNVD
EPSS
2.3%
top 15.18%
CISA KEV
KEV
Added 2022-03-03
Due 2022-03-24
Exploit
Exploited in wild
Active exploitation observed
Affected products
2
Cisco IOSCisco IOS XE
Timeline
PublishedAug 7
KEV addedMar 3
KEV dueMar 24
Latest updateMay 13
CISA Required Action: Apply updates per vendor instructions.

Description

A vulnerability in the Autonomic Networking feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause autonomic nodes of an affected system to reload, resulting in a denial of service (DoS) condition. More Information: CSCvd88936. Known Affected Releases: Denali-16.2.1 Denali-16.3.1.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

NVDcisco/ios117 versions+116
NVDcisco/ios_xe69 versions+68

🔴Vulnerability Details

3
GHSA
GHSA-3h3r-w377-6ffg: A vulnerability in the Autonomic Networking feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker2022-05-13
CVEList
CVE-2017-6663: A vulnerability in the Autonomic Networking feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker2017-08-07
VulnCheck
Cisco IOS Software and Cisco IOS XE Software Denial-of-Service Vulnerability2017

📋Vendor Advisories

2
CISA
Cisco IOS Software and Cisco IOS XE Software Denial-of-Service Vulnerability2022-03-03
Cisco
Cisco IOS and IOS XE Software Autonomic Networking Infrastructure Denial of Service Vulnerability2017-07-26
CVE-2017-6663 — Cisco IOS vulnerability | cvebase