⚠ Actively exploited
Added to CISA KEV on 2022-03-03. Federal agencies required to patch by 2022-03-24. Required action: Apply updates per vendor instructions..

CVE-2017-6739Improper Restriction of Operations within the Bounds of a Memory Buffer in Cisco IOS

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer6 documents6 sources
Severity
8.8HIGHNVD
EPSS
34.2%
top 3.02%
CISA KEV
KEV
Added 2022-03-03
Due 2022-03-24
Exploit
Exploited in wild
Active exploitation observed
Affected products
3
Cisco IOSCisco IOS XEIntellishield Universal Product
Timeline
PublishedJul 17
KEV addedMar 3
KEV dueMar 24
Latest updateMay 13
CISA Required Action: Apply updates per vendor instructions.

Description

A vulnerability in the SNMP implementation of could allow an authenticated, remote attacker to cause a reload of the affected system or to remotely execute code. An attacker could exploit this vulnerability by sending a crafted SNMP packet to the affected device. The vulnerability is due to a buffer overflow in the affected code area. The vulnerability affects all versions of SNMP (versions 1, 2c, and 3). The attacker must know the SNMP read only community string (SNMP version 2c or earlier)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

NVDcisco/ios12.012.4+1
NVDcisco/ios_xe2.2.03.17.0

🔴Vulnerability Details

3
GHSA
GHSA-p8jh-6v2f-m29j: The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 122022-05-13
CVEList
CVE-2017-6739: A vulnerability in the SNMP implementation of could allow an authenticated, remote attacker to cause a reload of the affected system or to remotely ex2017-07-17
VulnCheck
Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability2017

📋Vendor Advisories

2
CISA
Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability2022-03-03
Cisco
SNMP Remote Code Execution Vulnerabilities in Cisco IOS and IOS XE Software2017-06-29
CVE-2017-6739 — Cisco IOS vulnerability | cvebase