CVE-2017-6665 — Cleartext Transmission of Sensitive Info in Cisco IOS

CWE-319 — Cleartext Transmission of Sensitive Info CWE-200 — Sensitive Information Exposure4 documents4 sources

Severity

6.5MEDIUMNVD

EPSS

0.1%

top 70.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco IOS Cisco IOS XE

Timeline

PublishedAug 7

Latest updateMay 13

Description

A vulnerability in the Autonomic Networking feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to reset the Autonomic Control Plane (ACP) of an affected system and view ACP packets that are transferred in clear text within an affected system, an Information Disclosure Vulnerability. More Information: CSCvd51214. Known Affected Releases: Denali-16.2.1 Denali-16.3.1.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶NVDcisco/ios117 versions+116

▶NVDcisco/ios_xe70 versions+69

🔴Vulnerability Details

GHSA

GHSA-qg9f-x569-p4r7: A vulnerability in the Autonomic Networking feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker↗2022-05-13

▶

CVEList

CVE-2017-6665: A vulnerability in the Autonomic Networking feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker↗2017-08-07

▶

📋Vendor Advisories

Cisco

Cisco IOS and IOS XE Software Autonomic Control Plane Channel Information Disclosure Vulnerability↗2017-07-26

▶