CVE-2017-6741: Improper Restriction of Operations within the Bounds of a Memory Buffer in Cisco IOS XE Software

Severity
8.8 HIGH (NVD)
EPSS
31.9%
top 3.19%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jul 17
Latest update: May 13

Description

A vulnerability in the SNMP implementation of could allow an authenticated, remote attacker to cause a reload of the affected system or to remotely execute code. An attacker could exploit this vulnerability by sending a crafted SNMP packet to the affected device. The vulnerability is due to a buffer overflow in the affected code area. The vulnerability affects all versions of SNMP (versions 1, 2c, and 3). The attacker must know the SNMP read only community string (SNMP version 2c or earlier)

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages: 3 packages

NVD: cisco/ios_xe (112 versions)
CVEListV5: cisco/cisco_ios_xe_software (88 versions)

🔴Vulnerability Details

2
GHSA
GHSA-4p2r-xxqf-p9x8: The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 12 (2022-05-13)
CVEList
CVE-2017-6741: A vulnerability in the SNMP implementation of could allow an authenticated, remote attacker to cause a reload of the affected system or to remotely ex (2017-07-17)

📋Vendor Advisories

1
Cisco
SNMP Remote Code Execution Vulnerabilities in Cisco IOS and IOS XE Software (2017-06-29)
CVE-2017-6741 — Cisco IOS XE Software vulnerability | cvebase