CVE-2017-6731: Improper Restriction of Operations within the Bounds of a Memory Buffer in Cisco IOS XR

Severity: 7.5 HIGH (NVD)
EPSS: 0.7% (top 28.79%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Jul 10
Latest update: May 17

Description

A vulnerability in Multicast Source Discovery Protocol (MSDP) ingress packet processing for Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the MSDP session to be unexpectedly reset, causing a short denial of service (DoS) condition. The MSDP session will restart within a few seconds. More Information: CSCvd94828. Known Affected Releases: 4.3.2.MCAST 6.0.2.BASE. Known Fixed Releases: 6.3.1.19i.MCAST 6.2.3.1i.MCAST 6.2.2.17i.MCAST 6.1.4.12i.MCAST.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (1 package)

NVD: cisco/ios_xr: 4.3.2.mcast, 6.0.2.base, +1 more

🔴 Vulnerability Details (2)

GHSA: GHSA-qvcw-7x8x-4p95: A vulnerability in Multicast Source Discovery Protocol (MSDP) ingress packet processing for Cisco IOS XR Software could allow an unauthenticated, remo (2022-05-17)
CVEList: CVE-2017-6731: A vulnerability in Multicast Source Discovery Protocol (MSDP) ingress packet processing for Cisco IOS XR Software could allow an unauthenticated, remo (2017-07-10)

📋 Vendor Advisories (1)

Cisco: Cisco IOS XR Software Multicast Source Discovery Protocol Session Denial of Service Vulnerability (2017-07-05)