#VU7298 Buffer overflow in Cisco IOS and Cisco IOS XE - CVE-2017-6744

Cybersecurity Help s.r.o.

Published: 2017-07-03 | Updated: 2022-03-08

Vulnerability identifier: #VU7298

Vulnerability risk: High

CVSSv4.0: 8.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber]

CVE-ID: CVE-2017-6744

CWE-ID: CWE-120

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Cisco IOS
Operating systems & Components / Operating system
Cisco IOS XE
Operating systems & Components / Operating system

Vendor: Cisco Systems, Inc

Description
The vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.

The weakness exists in the Simple Network Management Protocol (SNMP) subsystem due to buffer overflow when handling malicious input. A remote attacker can send specially crafted SNMP packet via IPv4 or IPv6, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability results in system compromise.

Mitigation
The vulnerability is addressed in the following versions:
15.7(3.1.4A)OT, 15.7(2.0n)M, 16.7(0.68), 16.6(0.231).

Vulnerable software versions

Cisco IOS: 15.6.3 M1, 16.5.1

Cisco IOS XE: 3.16.1aS

External links
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170629-snmp

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

Latest bulletins with this vulnerability

Remote code execution in Rockwell Automation Stratix, ArmoStratix and Allen-Bradley Stratix

Remote code execution in Cisco IOS and Cisco IOS XE