CVE-2017-6770 — Improper Input Validation in Cisco Adaptive Security Appliance Software

CWE-20 — Improper Input Validation4 documents4 sources

Severity

4.2MEDIUMNVD

EPSS

0.6%

top 30.97%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Adaptive Security Appliance Software Cisco IOS Cisco IOS XE +4 more

Timeline

PublishedAug 7

Latest updateMay 13

Description

Cisco IOS 12.0 through 15.6, Adaptive Security Appliance (ASA) Software 7.0.1 through 9.7.1.2, NX-OS 4.0 through 12.0, and IOS XE 3.6 through 3.18 are affected by a vulnerability involving the Open Shortest Path First (OSPF) Routing Protocol Link State Advertisement (LSA) database. This vulnerability could allow an unauthenticated, remote attacker to take full control of the OSPF Autonomous System (AS) domain routing table, allowing the attacker to intercept or black-hole traffic. The attacker c…

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:NExploitability: 1.6 | Impact: 2.5

Affected Packages4 packages

▶NVDcisco/adaptive_security_appliance_software347 versions+346

▶NVDcisco/ios3091 versions+3090

▶NVDcisco/nx-os298 versions+297

▶NVDcisco/ios_xe48 versions+47

🔴Vulnerability Details

GHSA

GHSA-jc99-3vhg-wq8g: Cisco IOS 12↗2022-05-13

▶

CVEList

CVE-2017-6770: Cisco IOS 12↗2017-08-07

▶

📋Vendor Advisories

Cisco

Multiple Cisco Products OSPF LSA Manipulation Vulnerability↗2017-07-27

▶