⚠ Actively exploited
Added to CISA KEV on 2022-03-03. Federal agencies required to patch by 2022-03-24. Required action: Apply updates per vendor instructions..
CVE-2017-6737 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Cisco IOS
Severity
8.8HIGHNVD
EPSS
34.2%
top 3.02%
CISA KEV
KEV
Added 2022-03-03
Due 2022-03-24
Exploit
Exploited in wild
Active exploitation observed
Affected products
Timeline
PublishedJul 17
KEV addedMar 3
KEV dueMar 24
Latest updateMay 13
CISA Required Action: Apply updates per vendor instructions.
Description
A vulnerability in the SNMP implementation of could allow an authenticated, remote attacker to cause a reload of the affected system or to remotely execute code. An attacker could exploit this vulnerability by sending a crafted SNMP packet to the affected device.
The vulnerability is due to a buffer overflow in the affected code area. The vulnerability affects all versions of SNMP (versions 1, 2c, and 3). The attacker must know the SNMP read only community string (SNMP version 2c or earlier) …
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9
Affected Packages3 packages
🔴Vulnerability Details
3📋Vendor Advisories
3Juniper▶
CVE-2017-2345: On Junos OS devices with SNMP enabled, a network based attacker with unfiltered access to the RE can cause the Junos OS snmpd daemon to crash and rest↗2017-07-17