CVE-2017-6664Improper Certificate Validation in Cisco IOS XE

CWE-295Improper Certificate ValidationCWE-2646 documents6 sources
Severity
7.5HIGHNVD
EPSS
0.3%
top 43.43%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco IOS XE
Timeline
PublishedAug 7
Latest updateMay 13

Description

A vulnerability in the Autonomic Networking feature of Cisco IOS XE Software could allow an unauthenticated, remote, autonomic node to access the Autonomic Networking infrastructure of an affected system, after the certificate for the autonomic node has been revoked. This vulnerability affected devices that are running Release 16.x of Cisco IOS XE Software and are configured to use Autonomic Networking. This vulnerability does not affect devices that are running an earlier release of Cisco IOS X

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

NVDcisco/ios_xe29 versions+28

🔴Vulnerability Details

2
GHSA
GHSA-7v4f-rwhc-7rw2: A vulnerability in the Autonomic Networking feature of Cisco IOS XE Software could allow an unauthenticated, remote, autonomic node to access the Auto2022-05-13
CVEList
CVE-2017-6664: A vulnerability in the Autonomic Networking feature of Cisco IOS XE Software could allow an unauthenticated, remote, autonomic node to access the Auto2017-08-07

📋Vendor Advisories

2
Cisco
Cisco IOS XE Software Autonomic Networking Infrastructure Certificate Revocation Vulnerability2017-07-26
Red Hat
mysql: insecure error log file handling in mysqld_safe, incomplete CVE-2016-6664 fix (CPU Jan 2017)2017-01-17
CVE-2017-6664 — Improper Certificate Validation | cvebase