CVE-2017-6720

CWE-119 — Buffer Overflow4 documents4 sources

Severity

6.5MEDIUM

EPSS

0.4%

top 36.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Esw2-350g-52 Firmware Cisco Esw2-350g-52dc Firmware Cisco Esw2-550x-48 Firmware +82 more

Timeline

PublishedSep 21

Latest updateMay 13

Description

A vulnerability in the Secure Shell (SSH) subsystem of Cisco Small Business Managed Switches software could allow an authenticated, remote attacker to cause a reload of the affected switch, resulting in a denial of service (DoS) condition. The vulnerability is due to improper processing of SSH connections. An attacker could exploit this vulnerability by logging in to an affected switch via SSH and sending a malicious SSH message. This vulnerability affects the following Cisco products when SSH i…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages86 packages

▶CVEListV5cisco_small_business_managed_switchesCisco Small Business Managed Switches

▶NVDcisco/esw2-550x-48_firmware< 1.4.8.06

▶NVDcisco/esw2-550x-48dc_firmware< 1.4.8.06

▶NVDcisco/sf550x-24_firmware< 2.3.0.130

▶NVDcisco/sf550x-48_firmware< 2.3.0.130

🔴Vulnerability Details

GHSA

GHSA-vgpr-hxgc-qpwh: A vulnerability in the Secure Shell (SSH) subsystem of Cisco Small Business Managed Switches software could allow an authenticated, remote attacker to↗2022-05-13

▶

CVEList

CVE-2017-6720: A vulnerability in the Secure Shell (SSH) subsystem of Cisco Small Business Managed Switches software could allow an authenticated, remote attacker to↗2017-09-21

▶

📋Vendor Advisories

Cisco

Cisco Small Business Managed Switches Denial of Service Vulnerability↗2017-09-20

▶