CVE-2017-6740

Summary

The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an affected system can be used to exploit these vulnerabilities. The vulnerabilities are due to a buffer overflow condition in the SNMP subsystem of the affected software. The vulnerabilities affect all versions of SNMP - Versions 1, 2c, and 3. To exploit these vulnerabilities via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for the affected system. To exploit these vulnerabilities via SNMP Version 3, the attacker must have user credentials for the affected system. A successful exploit could allow the attacker to execute arbitrary code and obtain full control of the affected system or cause the affected system to reload. Customers are advised to apply the workaround as contained in the Workarounds section below. Fixed software information is available via the Cisco IOS Software Checker. All devices that have enabled SNMP and have not explicitly excluded the affected MIBs or OIDs should be considered vulnerable. There are workarounds that address these vulnerabilities.

Affected Software

VendorProductVersion RangeStatus
CiscoIOS12.2(14)ZAaffected
CiscoIOS12.2(14)ZA3affected
CiscoIOS12.2(14)ZA2affected
CiscoIOS12.2(14)ZA5affected
CiscoIOS12.2(14)ZA4affected
CiscoIOS12.2(14)ZA6affected
CiscoIOS12.2(14)ZA7affected
CiscoIOS12.2(25)SE2affected
CiscoIOS12.2(29)SV2affected
CiscoIOS12.2(17d)SXB6affected
CiscoIOS12.2(17d)SXB11affected
CiscoIOS12.2(17d)SXB7affected
CiscoIOS12.2(17d)SXB4affected
CiscoIOS12.2(17d)SXB2affected
CiscoIOS12.2(17d)SXB3affected
CiscoIOS12.2(17d)SXB5affected
CiscoIOS12.2(17d)SXB10affected
CiscoIOS12.2(17d)SXB8affected
CiscoIOS12.2(17d)SXB11aaffected
CiscoIOS12.2(17d)SXB1affected
CiscoIOS12.2(17d)SXB9affected
CiscoIOS12.2(18)SO1affected
CiscoIOS12.2(18)SO3affected
CiscoIOS12.2(18)SO2affected
CiscoIOS12.2(18)SXFaffected
CiscoIOS12.2(18)SXF5affected
CiscoIOS12.2(18)SXF6affected
CiscoIOS12.2(18)SXF15affected
CiscoIOS12.2(18)SXF10affected
CiscoIOS12.2(18)SXF17baffected
CiscoIOS12.2(18)SXF4affected
CiscoIOS12.2(18)SXF15aaffected
CiscoIOS12.2(18)SXF3affected
CiscoIOS12.2(18)SXF17affected
CiscoIOS12.2(18)SXF12affected
CiscoIOS12.2(18)SXF8affected
CiscoIOS12.2(18)SXF10aaffected
CiscoIOS12.2(18)SXF16affected
CiscoIOS12.2(18)SXF7affected
CiscoIOS12.2(18)SXF17aaffected
CiscoIOS12.2(18)SXF14affected
CiscoIOS12.2(18)SXF12aaffected
CiscoIOS12.2(18)SXF9affected
CiscoIOS12.2(18)SXF13affected
CiscoIOS12.2(18)SXF2affected
CiscoIOS12.2(18)SXF11affected
CiscoIOS12.2(28)ZXaffected
CiscoIOS12.2(33)STE0affected
CiscoIOS15.0(1)XO1affected
CiscoIOS15.0(1)XOaffected
CiscoIOS15.0(2)XOaffected
CiscoIOS15.0(2)SG11aaffected
CiscoIOS15.0(1)EXaffected
CiscoIOS15.0(2)EX2affected
CiscoIOS15.0(2)EX8affected
CiscoIOS15.0(2)EX10affected
CiscoIOS15.0(2)EX11affected
CiscoIOS15.0(2)EX13affected
CiscoIOS15.0(2)EX12affected
CiscoIOS15.1(2)SY9affected
CiscoIOS15.1(3)MRA3affected
CiscoIOS15.1(3)MRA4affected
CiscoIOS15.1(3)SVB1affected
CiscoIOS15.1(3)SVB2affected
CiscoIOS15.1(3)SVDaffected
CiscoIOS15.1(3)SVD1affected
CiscoIOS15.1(3)SVD2affected
CiscoIOS15.1(3)SVFaffected
CiscoIOS15.1(3)SVF1affected
CiscoIOS15.1(3)SVEaffected
CiscoIOS15.1(3)SVGaffected
CiscoIOS15.1(3)SVJ2affected
IntelliShieldUniversal ProductN/Aaffected

Weaknesses

  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: active
    • Automatable: no
    • Technical Impact: total

Additional References

References