What is the severity of CVE-2017-6743?

CVE-2017-6743 is considered a high severity vulnerability due to its potential to allow remote code execution.

How do I fix CVE-2017-6743?

You can fix CVE-2017-6743 by updating the affected Cisco IOS or IOS XE software to the latest recommended version.

Which Cisco products are affected by CVE-2017-6743?

CVE-2017-6743 affects Cisco IOS versions 12.0 to 12.4, 15.0 to 15.6, as well as IOS XE versions 2.2 to 3.17.

Who can exploit CVE-2017-6743?

An authenticated, remote attacker can exploit CVE-2017-6743 to execute arbitrary code on the affected system.

What are the potential impacts of CVE-2017-6743?

The potential impacts of CVE-2017-6743 include unauthorized remote code execution and disruption of the affected network device.

Vulnerability/
CVE-2017-6743

Exploited

critical

CWE

119

17/7/2017

27/1/2025

CVE-2017-6743: Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability

First published: Mon Jul 17 2017(Updated: )

The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 2.2 through 3.17 contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an affected system can be used to exploit these vulnerabilities. The vulnerabilities are due to a buffer overflow condition in the SNMP subsystem of the affected software. The vulnerabilities affect all versions of SNMP: Versions 1, 2c, and 3. To exploit these vulnerabilities via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for the affected system. To exploit these vulnerabilities via SNMP Version 3, the attacker must have user credentials for the affected system. All devices that have enabled SNMP and have not explicitly excluded the affected MIBs or OIDs should be considered vulnerable. Cisco Bug IDs: CSCve60376, CSCve78027.

Credit: ykramarz@cisco.com psirt@cisco.com

Affected Software	Affected Version	How to fix
Cisco IOS XE Software
Cisco IOS	>=12.0<=12.4
Cisco IOS	>=15.0<=15.6
Cisco IOS XE	>=2.2.0<=3.17

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2017-6743?
CVE-2017-6743 is considered a high severity vulnerability due to its potential to allow remote code execution.
How do I fix CVE-2017-6743?
You can fix CVE-2017-6743 by updating the affected Cisco IOS or IOS XE software to the latest recommended version.
Which Cisco products are affected by CVE-2017-6743?
CVE-2017-6743 affects Cisco IOS versions 12.0 to 12.4, 15.0 to 15.6, as well as IOS XE versions 2.2 to 3.17.
Who can exploit CVE-2017-6743?
An authenticated, remote attacker can exploit CVE-2017-6743 to execute arbitrary code on the affected system.
What are the potential impacts of CVE-2017-6743?
The potential impacts of CVE-2017-6743 include unauthorized remote code execution and disruption of the affected network device.

agent/type
agent/description
agent/weakness
agent/title
agent/severity
agent/first-publish-date
agent/references
collector/mitre-cve
source/MITRE
agent/source
agent/author
agent/last-modified-date
agent/event
exploited/true
collector/cisa-known-exploited
source/CISA
agent/software-canonical-lookup
agent/software-canonical-lookup-request
agent/tags
agent/softwarecombine
collector/nvd-api
source/NVD
collector/nvd-cve
collector/nvd-index
vendor/cisco
canonical/cisco ios xe software
canonical/cisco ios
version/cisco ios/12.0
version/cisco ios/12.4
version/cisco ios/15.0
version/cisco ios/15.6
canonical/cisco ios xe
version/cisco ios xe/2.2.0
version/cisco ios xe/3.17