Risk | High |
Patch available | YES |
Number of vulnerabilities | 9 |
CVE-ID | CVE-2017-6736 CVE-2017-6737 CVE-2017-6738 CVE-2017-6739 CVE-2017-6740 CVE-2017-6741 CVE-2017-6742 CVE-2017-6743 CVE-2017-6744 |
CWE-ID | CWE-120 |
Exploitation vector | Network |
Public exploit | Vulnerability #1 is being exploited in the wild. Vulnerability #2 is being exploited in the wild. Vulnerability #3 is being exploited in the wild. Vulnerability #4 is being exploited in the wild. Vulnerability #5 is being exploited in the wild. Vulnerability #7 is being exploited in the wild. Vulnerability #8 is being exploited in the wild. Vulnerability #9 is being exploited in the wild. |
Vulnerable software | Cisco IOS (Operating systems & Components / Operating system); Cisco IOS XE (Operating systems & Components / Operating system) |
Vendor | Cisco Systems, Inc |
Security Bulletin
This security bulletin contains information about 9 vulnerabilities.
EUVDB-ID: #VU7290
Risk: High
CVSSv4.0: 8.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber]
CVE-ID: CVE-2017-6736
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: Yes
Description
The vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.
The weakness exists in the Simple Network Management Protocol (SNMP) subsystem due to a buffer overflow when handling malicious input. A remote attacker can send a specially crafted SNMP packet via IPv4 or IPv6, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of the vulnerability results in system compromise.
The vulnerability is addressed in the following versions:
16.7(0.63), 16.6(0.229), 15.7(3.1.4A)OT, 15.7(2.0m)M, 15.5(3)S5.22, 15.2(1.2.82)SY2, 15.1(2)SY10.99.
Cisco IOS: 15.6.3 M1 - 16.5.1
Cisco IOS XE: 3.16.1aS
CPE2.3
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170629-snmp
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware that exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
EUVDB-ID: #VU7291
Risk: High
CVSSv4.0: 8.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber]
CVE-ID: CVE-2017-6737
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
Description
The vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.
The weakness exists in the Simple Network Management Protocol (SNMP) subsystem due to a buffer overflow when handling malicious input. A remote attacker can send a specially crafted SNMP packet via IPv4 or IPv6, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of the vulnerability results in system compromise.
The vulnerability is addressed in the following versions:
15.7(3.1.4V)OT.
Cisco IOS: 15.6.3 M1
Cisco IOS XE: 3.16.1aS
CPE2.3
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170629-snmp
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware that exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
EUVDB-ID: #VU7292
Risk: High
CVSSv4.0: 8.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber]
CVE-ID: CVE-2017-6738
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
Description
The vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.
The weakness exists in the Simple Network Management Protocol (SNMP) subsystem due to a buffer overflow when handling malicious input. A remote attacker can send a specially crafted SNMP packet via IPv4 or IPv6, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of the vulnerability results in system compromise.
The vulnerability is addressed in the following versions:
15.7(3.1.4A)OT, 15.7(2.0n)M, 15.2(1.2.86)SY2, 15.1(2)SY10.98.
Cisco IOS: 15.6.3 M1
Cisco IOS XE: 3.16.1aS
CPE2.3
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170629-snmp
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware that exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
EUVDB-ID: #VU7293
Risk: High
CVSSv4.0: 8.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber]
CVE-ID: CVE-2017-6739
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
Description
The vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.
The weakness exists in the Simple Network Management Protocol (SNMP) subsystem due to a buffer overflow when handling malicious input. A remote attacker can send a specially crafted SNMP packet via IPv4 or IPv6, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of the vulnerability results in system compromise.
Install the update from the vendor's website.
Cisco IOS: 15.6.3 M1
Cisco IOS XE: 3.16.1aS
CPE2.3
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170629-snmp
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware that exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
EUVDB-ID: #VU7294
Risk: High
CVSSv4.0: 8.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber]
CVE-ID: CVE-2017-6740
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
Description
The vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.
The weakness exists in the Simple Network Management Protocol (SNMP) subsystem due to a buffer overflow when handling malicious input. A remote attacker can send a specially crafted SNMP packet via IPv4 or IPv6, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of the vulnerability results in system compromise.
The vulnerability is addressed in the following versions:
15.5(3)S5.24, 15.4(3)S7.7, 15.3(3)S9.18.
Cisco IOS: 15.5.3 S
Cisco IOS XE: 3.16.1aS
CPE2.3
External links
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170629-snmp
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware that exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
EUVDB-ID: #VU7295
Risk: High
CVSSv4.0: 6.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2017-6741
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
Description
The vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.
The weakness exists in the Simple Network Management Protocol (SNMP) subsystem due to a buffer overflow when handling malicious input. A remote attacker can send a specially crafted SNMP packet via IPv4 or IPv6, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of the vulnerability results in system compromise.
The vulnerability is addressed in the following versions:
16.7(0.63), 16.6(0.229), 16.5(1.61), 15.7(3.1.4A)OT, 15.7(2.0o)M, 15.5(3)S5.22, 15.2(1.2.81)SY2, 15.1(2)SY10.99, 8.2(154.58).
Cisco IOS: 12.4.24 T4 - 15.6.1 T0.1
Cisco IOS XE: 3.16.1aS
CPE2.3
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170629-snmp
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU7296
Risk: High
CVSSv4.0: 8.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber]
CVE-ID: CVE-2017-6742
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
Description
The vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.
The weakness exists in the Simple Network Management Protocol (SNMP) subsystem due to a buffer overflow when handling malicious input. A remote attacker can send a specially crafted SNMP packet via IPv4 or IPv6, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of the vulnerability results in system compromise.
The vulnerability is addressed in the following versions:
16.7(0.63), 16.6(0.229), 15.7(3.1.4A)OT, 15.7(2.0n)M, 15.5(3)S5.22, 15.2(6.2.21i)E, 15.1(2)SY10.99.
Cisco IOS: 15.6.3 M1 - 16.5.1
Cisco IOS XE: 3.16.1aS
CPE2.3
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170629-snmp
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware that exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
EUVDB-ID: #VU7297
Risk: High
CVSSv4.0: 8.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber]
CVE-ID: CVE-2017-6743
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
Description
The vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.
The weakness exists in the Simple Network Management Protocol (SNMP) subsystem due to a buffer overflow when handling malicious input. A remote attacker can send a specially crafted SNMP packet via IPv4 or IPv6, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of the vulnerability results in system compromise.
The vulnerability is addressed in the following versions:
16.7(0.68), 16.6(0.231), 15.7(3.1.4A)OT, 15.7(2.0n)M.
Cisco IOS: 15.6.3 M1 - 16.5.1
Cisco IOS XE: 3.16.1aS
CPE2.3
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170629-snmp
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware that exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
EUVDB-ID: #VU7298
Risk: High
CVSSv4.0: 8.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber]
CVE-ID: CVE-2017-6744
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
Description
The vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.
The weakness exists in the Simple Network Management Protocol (SNMP) subsystem due to a buffer overflow when handling malicious input. A remote attacker can send a specially crafted SNMP packet via IPv4 or IPv6, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of the vulnerability results in system compromise.
The vulnerability is addressed in the following versions:
15.7(3.1.4A)OT, 15.7(2.0n)M, 16.7(0.68), 16.6(0.231).
Cisco IOS: 15.6.3 M1 - 16.5.1
Cisco IOS XE: 3.16.1aS
CPE2.3
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170629-snmp
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware that exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.