⚠ Actively exploited
Added to CISA KEV on 2023-04-19. Federal agencies required to patch by 2023-05-10. Required action: Apply updates per vendor instructions.
CVE-2017-6742 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Cisco IOS
Severity
8.8 HIGH (NVD)
EPSS
6.8%
top 8.66%
CISA KEV
KEV
Added 2023-04-19
Due 2023-05-10
Exploit
Exploited in wild
Active exploitation observed
Affected products
Timeline
Published: Jul 17
KEV added: Apr 19
KEV due: May 10
CISA Required Action: Apply updates per vendor instructions.
Description
A vulnerability in the SNMP implementation of could allow an authenticated, remote attacker to cause a reload of the affected system or to remotely execute code. An attacker could exploit this vulnerability by sending a crafted SNMP packet to the affected device.
The vulnerability is due to a buffer overflow in the affected code area. The vulnerability affects all versions of SNMP (versions 1, 2c, and 3). The attacker must know the SNMP read only community string (SNMP version 2c or earlier) …
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9