Remote Code Execution Risk in Cisco IOS SNMP Subsystem
CVE-2017-6741

8.8 HIGH

Key Information:

Vendor: Cisco

CVE Published: 17 July 2017

Badges

Exploit Exists | EPSS 26%

What is CVE-2017-6741?

The SNMP subsystem in Cisco IOS and IOS XE software contains multiple vulnerabilities that could allow an authenticated remote attacker to execute arbitrary code on the affected system or cause it to reload. An attacker triggers them by sending specially crafted SNMP packets to the target system. The vulnerabilities arise from a buffer overflow condition in the SNMP service and affect all supported versions of SNMP: Versions 1, 2c, and 3. Exploitation over SNMP Version 2c or earlier requires the attacker to know the SNMP read-only community string, while exploitation over SNMP Version 3 requires valid user credentials. Any device with SNMP enabled that does not explicitly exclude the affected MIBs or OIDs is considered at risk.

Affected Version(s)

Cisco IOS XE Software 3.7.0S

Cisco IOS XE Software 3.7.1S

Cisco IOS XE Software 3.7.2S

EPSS Score

26% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

CVSS V3.0

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved