CVE-2017-6741

Summary

A vulnerability in the SNMP implementation of could allow an authenticated, remote attacker to cause a reload of the affected system or to remotely execute code. An attacker could exploit this vulnerability by sending a crafted SNMP packet to the affected device. 

The vulnerability is due to a buffer overflow in the affected code area. The vulnerability affects all versions of SNMP (versions 1, 2c, and 3). The attacker must know the SNMP read only community string (SNMP version 2c or earlier) or the user credentials (SNMPv3). An exploit could allow the attacker to execute arbitrary code and obtain full control of the system or to cause a reload of the affected system.

Only traffic directed to the affected system can be used to exploit this vulnerability.

Affected Software

VendorProductVersion RangeStatus
CiscoCisco IOS XE Software3.7.0Saffected
CiscoCisco IOS XE Software3.7.1Saffected
CiscoCisco IOS XE Software3.7.2Saffected
CiscoCisco IOS XE Software3.7.3Saffected
CiscoCisco IOS XE Software3.7.4Saffected
CiscoCisco IOS XE Software3.7.5Saffected
CiscoCisco IOS XE Software3.7.6Saffected
CiscoCisco IOS XE Software3.7.7Saffected
CiscoCisco IOS XE Software3.7.4aSaffected
CiscoCisco IOS XE Software3.7.2tSaffected
CiscoCisco IOS XE Software3.7.0bSaffected
CiscoCisco IOS XE Software3.8.0Saffected
CiscoCisco IOS XE Software3.8.1Saffected
CiscoCisco IOS XE Software3.8.2Saffected
CiscoCisco IOS XE Software3.9.1Saffected
CiscoCisco IOS XE Software3.9.0Saffected
CiscoCisco IOS XE Software3.9.2Saffected
CiscoCisco IOS XE Software3.9.0aSaffected
CiscoCisco IOS XE Software3.11.1Saffected
CiscoCisco IOS XE Software3.11.2Saffected
CiscoCisco IOS XE Software3.11.0Saffected
CiscoCisco IOS XE Software3.11.3Saffected
CiscoCisco IOS XE Software3.11.4Saffected
CiscoCisco IOS XE Software3.12.0Saffected
CiscoCisco IOS XE Software3.12.1Saffected
CiscoCisco IOS XE Software3.12.2Saffected
CiscoCisco IOS XE Software3.12.3Saffected
CiscoCisco IOS XE Software3.12.0aSaffected
CiscoCisco IOS XE Software3.12.4Saffected
CiscoCisco IOS XE Software3.13.0Saffected
CiscoCisco IOS XE Software3.13.1Saffected
CiscoCisco IOS XE Software3.13.2Saffected
CiscoCisco IOS XE Software3.13.3Saffected
CiscoCisco IOS XE Software3.13.4Saffected
CiscoCisco IOS XE Software3.13.5Saffected
CiscoCisco IOS XE Software3.13.2aSaffected
CiscoCisco IOS XE Software3.13.0aSaffected
CiscoCisco IOS XE Software3.13.5aSaffected
CiscoCisco IOS XE Software3.13.6Saffected
CiscoCisco IOS XE Software3.13.7Saffected
CiscoCisco IOS XE Software3.13.6aSaffected
CiscoCisco IOS XE Software3.13.7aSaffected
CiscoCisco IOS XE Software3.6.5bEaffected
CiscoCisco IOS XE Software3.14.0Saffected
CiscoCisco IOS XE Software3.14.1Saffected
CiscoCisco IOS XE Software3.14.2Saffected
CiscoCisco IOS XE Software3.14.3Saffected
CiscoCisco IOS XE Software3.14.4Saffected
CiscoCisco IOS XE Software3.15.0Saffected
CiscoCisco IOS XE Software3.15.1Saffected
CiscoCisco IOS XE Software3.15.2Saffected
CiscoCisco IOS XE Software3.15.1cSaffected
CiscoCisco IOS XE Software3.15.3Saffected
CiscoCisco IOS XE Software3.15.4Saffected
CiscoCisco IOS XE Software3.16.0Saffected
CiscoCisco IOS XE Software3.16.1Saffected
CiscoCisco IOS XE Software3.16.1aSaffected
CiscoCisco IOS XE Software3.16.2Saffected
CiscoCisco IOS XE Software3.16.0cSaffected
CiscoCisco IOS XE Software3.16.3Saffected
CiscoCisco IOS XE Software3.16.2bSaffected
CiscoCisco IOS XE Software3.16.4aSaffected
CiscoCisco IOS XE Software3.16.4bSaffected
CiscoCisco IOS XE Software3.16.5Saffected
CiscoCisco IOS XE Software3.16.4dSaffected
CiscoCisco IOS XE Software3.17.0Saffected
CiscoCisco IOS XE Software3.17.1Saffected
CiscoCisco IOS XE Software3.17.2Saffected
CiscoCisco IOS XE Software3.17.1aSaffected
CiscoCisco IOS XE Software3.17.3Saffected
CiscoCisco IOS XE Software16.2.1affected
CiscoCisco IOS XE Software16.2.2affected
CiscoCisco IOS XE Software16.3.1affected
CiscoCisco IOS XE Software16.3.2affected
CiscoCisco IOS XE Software16.3.3affected
CiscoCisco IOS XE Software16.3.1aaffected
CiscoCisco IOS XE Software16.3.4affected
CiscoCisco IOS XE Software16.4.1affected
CiscoCisco IOS XE Software16.4.2affected
CiscoCisco IOS XE Software16.5.1affected
CiscoCisco IOS XE Software16.5.1baffected
CiscoCisco IOS XE Software3.18.0aSaffected
CiscoCisco IOS XE Software3.18.0Saffected
CiscoCisco IOS XE Software3.18.1Saffected
CiscoCisco IOS XE Software3.18.0SPaffected
CiscoCisco IOS XE Software3.18.1SPaffected
CiscoCisco IOS XE Software3.18.1aSPaffected
CiscoCisco IOS XE Software3.18.2aSPaffected
IntelliShieldUniversal ProductN/Aaffected

Weaknesses

  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

ADP Enrichment

CVE Program Container

Additional References

References