Exploited
CWE
119
Advisory Published
Updated

CVE-2017-6740: Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability

First published: Mon Jul 17 2017(Updated: )

The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 2.2 through 3.17 contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an affected system can be used to exploit these vulnerabilities. The vulnerabilities are due to a buffer overflow condition in the SNMP subsystem of the affected software. The vulnerabilities affect all versions of SNMP: Versions 1, 2c, and 3. To exploit these vulnerabilities via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for the affected system. To exploit these vulnerabilities via SNMP Version 3, the attacker must have user credentials for the affected system. All devices that have enabled SNMP and have not explicitly excluded the affected MIBs or OIDs should be considered vulnerable. Cisco Bug IDs: CSCve66601.

Credit: ykramarz@cisco.com ykramarz@cisco.com

Affected SoftwareAffected VersionHow to fix
Cisco IOS=12.1\(13\)e3
Cisco IOS=12.1\(13\)e4
Cisco IOS=12.1\(13\)e5
Cisco IOS=12.1\(13\)e6
Cisco IOS=12.1\(13\)e7
Cisco IOS=12.1\(13\)e8
Cisco IOS=12.1\(13\)e9
Cisco IOS=12.1\(13\)e10
Cisco IOS=12.1\(13\)e11
Cisco IOS=12.1\(13\)e12
Cisco IOS=12.1\(13\)e13
Cisco IOS=12.1\(13\)e14
Cisco IOS=12.1\(13\)e15
Cisco IOS=12.1\(13\)e16
Cisco IOS=12.1\(13\)e17
Cisco IOS=12.1\(19\)e
Cisco IOS=12.1\(19\)e1
Cisco IOS=12.1\(20\)e
Cisco IOS=12.1\(20\)e1
Cisco IOS=12.1\(20\)e3
Cisco IOS=12.1\(20\)e4
Cisco IOS=12.1\(20\)e6
Cisco IOS=12.1\(22\)e
Cisco IOS=12.1\(22\)e1
Cisco IOS=12.1\(22\)e2
Cisco IOS=12.1\(22\)e3
Cisco IOS=12.1\(22\)e4
Cisco IOS=12.1\(22\)e5
Cisco IOS=12.1\(22\)e6
Cisco IOS=12.1\(23\)e
Cisco IOS=12.1\(23\)e1
Cisco IOS=12.1\(23\)e2
Cisco IOS=12.1\(23\)e3
Cisco IOS=12.1\(23\)e4
Cisco IOS=12.1\(26\)e
Cisco IOS=12.1\(26\)e1
Cisco IOS=12.1\(26\)e2
Cisco IOS=12.1\(26\)e3
Cisco IOS=12.1\(26\)e4
Cisco IOS=12.1\(26\)e5
Cisco IOS=12.1\(26\)e6
Cisco IOS=12.1\(26\)e7
Cisco IOS=12.1\(26\)e8
Cisco IOS=12.1\(26\)e9
Cisco IOS=12.1\(27b\)e
Cisco IOS=12.1\(27b\)e1
Cisco IOS=12.1\(27b\)e2
Cisco IOS=12.1\(27b\)e3
Cisco IOS=12.1\(27b\)e4
Cisco IOS=12.2\(14\)za
Cisco IOS=12.2\(14\)za2
Cisco IOS=12.2\(14\)za3
Cisco IOS=12.2\(14\)za4
Cisco IOS=12.2\(14\)za5
Cisco IOS=12.2\(14\)za6
Cisco IOS=12.2\(14\)za7
Cisco IOS=12.2\(17a\)sx1
Cisco IOS=12.2\(17a\)sx2
Cisco IOS=12.2\(17a\)sx4
Cisco IOS=12.2\(17b\)sxa2
Cisco IOS=12.2\(17d\)sxb1
Cisco IOS=12.2\(17d\)sxb2
Cisco IOS=12.2\(17d\)sxb3
Cisco IOS=12.2\(17d\)sxb4
Cisco IOS=12.2\(17d\)sxb5
Cisco IOS=12.2\(17d\)sxb6
Cisco IOS=12.2\(17d\)sxb7
Cisco IOS=12.2\(17d\)sxb8
Cisco IOS=12.2\(17d\)sxb9
Cisco IOS=12.2\(17d\)sxb10
Cisco IOS=12.2\(17d\)sxb11
Cisco IOS=12.2\(17d\)sxb11a
Cisco IOS=12.2\(18\)s
Cisco IOS=12.2\(18\)s1
Cisco IOS=12.2\(18\)s2
Cisco IOS=12.2\(18\)s3
Cisco IOS=12.2\(18\)s4
Cisco IOS=12.2\(18\)s8
Cisco IOS=12.2\(18\)s9
Cisco IOS=12.2\(18\)s10
Cisco IOS=12.2\(18\)s11
Cisco IOS=12.2\(18\)s12
Cisco IOS=12.2\(18\)s13
Cisco IOS=12.2\(18\)sxd1
Cisco IOS=12.2\(18\)sxf
Cisco IOS=12.2\(18\)sxf2
Cisco IOS=12.2\(18\)sxf3
Cisco IOS=12.2\(18\)sxf4
Cisco IOS=12.2\(18\)sxf5
Cisco IOS=12.2\(18\)sxf6
Cisco IOS=12.2\(18\)sxf7
Cisco IOS=12.2\(18\)sxf8
Cisco IOS=12.2\(18\)sxf9
Cisco IOS=12.2\(18\)sxf10
Cisco IOS=12.2\(18\)sxf10a
Cisco IOS=12.2\(18\)sxf11
Cisco IOS=12.2\(18\)sxf12
Cisco IOS=12.2\(18\)sxf12a
Cisco IOS=12.2\(18\)sxf13
Cisco IOS=12.2\(18\)sxf14
Cisco IOS=12.2\(18\)sxf15
Cisco IOS=12.2\(18\)sxf15a
Cisco IOS=12.2\(18\)sxf16
Cisco IOS=12.2\(18\)sxf17
Cisco IOS=12.2\(18\)sxf17a
Cisco IOS=12.2\(18\)sxf17b
Cisco IOS>=12.0<=12.4
Cisco IOS>=15.0<=15.6
Cisco IOS XE>=2.2.0<=3.17

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203