Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CNVD-2017-12532
Vulnerability from cnvd - Published: 2017-07-03
VLAI Severity ?
Title
Cisco IOS和IOS XE SNMP远程执行代码漏洞(CNVD-2017-12532)
Description
Cisco IOS是多数思科系统路由器和网络交换机上使用的互联网络操作系统。
Cisco IOS和IOS XE SNMP远程执行代码漏洞。允许远程攻击者通过发送构造的SNMP数据包使得SNMP服务缓冲区溢出,导致任意命令执行。
Severity
高
Patch Name
Cisco IOS和IOS XE SNMP远程执行代码漏洞(CNVD-2017-12532)的补丁
Patch Description
Cisco IOS是多数思科系统路由器和网络交换机上使用的互联网络操作系统。
Cisco IOS和IOS XE SNMP远程执行代码漏洞。允许远程攻击者通过发送构造的SNMP数据包使得SNMP服务缓冲区溢出,导致任意命令执行。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布了漏洞修复程序,请及时关注更新: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170629-snmp
Reference
http://securitytracker.com/id/1038808
Impacted products
| Name | ['Cisco IOS XE', 'Cisco IOS'] |
|---|
{
"bids": {
"bid": {
"bidNumber": "99345"
}
},
"cves": {
"cve": {
"cveNumber": "CVE-2017-6740"
}
},
"description": "Cisco IOS\u662f\u591a\u6570\u601d\u79d1\u7cfb\u7edf\u8def\u7531\u5668\u548c\u7f51\u7edc\u4ea4\u6362\u673a\u4e0a\u4f7f\u7528\u7684\u4e92\u8054\u7f51\u7edc\u64cd\u4f5c\u7cfb\u7edf\u3002 \r\n\r\nCisco IOS\u548cIOS XE SNMP\u8fdc\u7a0b\u6267\u884c\u4ee3\u7801\u6f0f\u6d1e\u3002\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u901a\u8fc7\u53d1\u9001\u6784\u9020\u7684SNMP\u6570\u636e\u5305\u4f7f\u5f97SNMP\u670d\u52a1\u7f13\u51b2\u533a\u6ea2\u51fa\uff0c\u5bfc\u81f4\u4efb\u610f\u547d\u4ee4\u6267\u884c\u3002",
"discovererName": "Cisco",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170629-snmp",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2017-12532",
"openTime": "2017-07-03",
"patchDescription": "Cisco IOS\u662f\u591a\u6570\u601d\u79d1\u7cfb\u7edf\u8def\u7531\u5668\u548c\u7f51\u7edc\u4ea4\u6362\u673a\u4e0a\u4f7f\u7528\u7684\u4e92\u8054\u7f51\u7edc\u64cd\u4f5c\u7cfb\u7edf\u3002 \r\n\r\nCisco IOS\u548cIOS XE SNMP\u8fdc\u7a0b\u6267\u884c\u4ee3\u7801\u6f0f\u6d1e\u3002\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u901a\u8fc7\u53d1\u9001\u6784\u9020\u7684SNMP\u6570\u636e\u5305\u4f7f\u5f97SNMP\u670d\u52a1\u7f13\u51b2\u533a\u6ea2\u51fa\uff0c\u5bfc\u81f4\u4efb\u610f\u547d\u4ee4\u6267\u884c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Cisco IOS\u548cIOS XE SNMP\u8fdc\u7a0b\u6267\u884c\u4ee3\u7801\u6f0f\u6d1e\uff08CNVD-2017-12532\uff09\u7684\u8865\u4e01",
"products": {
"product": [
"Cisco IOS XE",
"Cisco IOS"
]
},
"referenceLink": "http://securitytracker.com/id/1038808",
"serverity": "\u9ad8",
"submitTime": "2017-07-02",
"title": "Cisco IOS\u548cIOS XE SNMP\u8fdc\u7a0b\u6267\u884c\u4ee3\u7801\u6f0f\u6d1e\uff08CNVD-2017-12532\uff09"
}
CVE-2017-6740 (GCVE-0-2017-6740)
Vulnerability from cvelistv5 – Published: 2017-07-17 21:00 – Updated: 2025-10-21 23:55
VLAI?
EPSS
Summary
The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an affected system can be used to exploit these vulnerabilities.
The vulnerabilities are due to a buffer overflow condition in the SNMP subsystem of the affected software. The vulnerabilities affect all versions of SNMP - Versions 1, 2c, and 3. To exploit these vulnerabilities via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for the affected system. To exploit these vulnerabilities via SNMP Version 3, the attacker must have user credentials for the affected system. A successful exploit could allow the attacker to execute arbitrary code and obtain full control of the affected system or cause the affected system to reload.
Customers are advised to apply the workaround as contained in the Workarounds section below. Fixed software information is available via the Cisco IOS Software Checker. All devices that have enabled SNMP and have not explicitly excluded the affected MIBs or OIDs should be considered vulnerable.
There are workarounds that address these vulnerabilities.
Severity ?
8.8 (High)
CWE
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Cisco | IOS |
Affected:
12.2(14)ZA
Affected: 12.2(14)ZA3 Affected: 12.2(14)ZA2 Affected: 12.2(14)ZA5 Affected: 12.2(14)ZA4 Affected: 12.2(14)ZA6 Affected: 12.2(14)ZA7 Affected: 12.2(25)SE2 Affected: 12.2(29)SV2 Affected: 12.2(17d)SXB6 Affected: 12.2(17d)SXB11 Affected: 12.2(17d)SXB7 Affected: 12.2(17d)SXB4 Affected: 12.2(17d)SXB2 Affected: 12.2(17d)SXB3 Affected: 12.2(17d)SXB5 Affected: 12.2(17d)SXB10 Affected: 12.2(17d)SXB8 Affected: 12.2(17d)SXB11a Affected: 12.2(17d)SXB1 Affected: 12.2(17d)SXB9 Affected: 12.2(18)SO1 Affected: 12.2(18)SO3 Affected: 12.2(18)SO2 Affected: 12.2(18)SXF Affected: 12.2(18)SXF5 Affected: 12.2(18)SXF6 Affected: 12.2(18)SXF15 Affected: 12.2(18)SXF10 Affected: 12.2(18)SXF17b Affected: 12.2(18)SXF4 Affected: 12.2(18)SXF15a Affected: 12.2(18)SXF3 Affected: 12.2(18)SXF17 Affected: 12.2(18)SXF12 Affected: 12.2(18)SXF8 Affected: 12.2(18)SXF10a Affected: 12.2(18)SXF16 Affected: 12.2(18)SXF7 Affected: 12.2(18)SXF17a Affected: 12.2(18)SXF14 Affected: 12.2(18)SXF12a Affected: 12.2(18)SXF9 Affected: 12.2(18)SXF13 Affected: 12.2(18)SXF2 Affected: 12.2(18)SXF11 Affected: 12.2(28)ZX Affected: 12.2(33)STE0 Affected: 15.0(1)XO1 Affected: 15.0(1)XO Affected: 15.0(2)XO Affected: 15.0(2)SG11a Affected: 15.0(1)EX Affected: 15.0(2)EX2 Affected: 15.0(2)EX8 Affected: 15.0(2)EX10 Affected: 15.0(2)EX11 Affected: 15.0(2)EX13 Affected: 15.0(2)EX12 Affected: 15.1(2)SY9 Affected: 15.1(3)MRA3 Affected: 15.1(3)MRA4 Affected: 15.1(3)SVB1 Affected: 15.1(3)SVB2 Affected: 15.1(3)SVD Affected: 15.1(3)SVD1 Affected: 15.1(3)SVD2 Affected: 15.1(3)SVF Affected: 15.1(3)SVF1 Affected: 15.1(3)SVE Affected: 15.1(3)SVG Affected: 15.1(3)SVJ2 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:41:17.239Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "99345",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99345"
},
{
"name": "1038808",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038808"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170629-snmp"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2017-6740",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-08T17:35:48.424441Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2022-03-03",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-6740"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:55:37.237Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-6740"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-03-03T00:00:00+00:00",
"value": "CVE-2017-6740 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "IOS",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "12.2(14)ZA"
},
{
"status": "affected",
"version": "12.2(14)ZA3"
},
{
"status": "affected",
"version": "12.2(14)ZA2"
},
{
"status": "affected",
"version": "12.2(14)ZA5"
},
{
"status": "affected",
"version": "12.2(14)ZA4"
},
{
"status": "affected",
"version": "12.2(14)ZA6"
},
{
"status": "affected",
"version": "12.2(14)ZA7"
},
{
"status": "affected",
"version": "12.2(25)SE2"
},
{
"status": "affected",
"version": "12.2(29)SV2"
},
{
"status": "affected",
"version": "12.2(17d)SXB6"
},
{
"status": "affected",
"version": "12.2(17d)SXB11"
},
{
"status": "affected",
"version": "12.2(17d)SXB7"
},
{
"status": "affected",
"version": "12.2(17d)SXB4"
},
{
"status": "affected",
"version": "12.2(17d)SXB2"
},
{
"status": "affected",
"version": "12.2(17d)SXB3"
},
{
"status": "affected",
"version": "12.2(17d)SXB5"
},
{
"status": "affected",
"version": "12.2(17d)SXB10"
},
{
"status": "affected",
"version": "12.2(17d)SXB8"
},
{
"status": "affected",
"version": "12.2(17d)SXB11a"
},
{
"status": "affected",
"version": "12.2(17d)SXB1"
},
{
"status": "affected",
"version": "12.2(17d)SXB9"
},
{
"status": "affected",
"version": "12.2(18)SO1"
},
{
"status": "affected",
"version": "12.2(18)SO3"
},
{
"status": "affected",
"version": "12.2(18)SO2"
},
{
"status": "affected",
"version": "12.2(18)SXF"
},
{
"status": "affected",
"version": "12.2(18)SXF5"
},
{
"status": "affected",
"version": "12.2(18)SXF6"
},
{
"status": "affected",
"version": "12.2(18)SXF15"
},
{
"status": "affected",
"version": "12.2(18)SXF10"
},
{
"status": "affected",
"version": "12.2(18)SXF17b"
},
{
"status": "affected",
"version": "12.2(18)SXF4"
},
{
"status": "affected",
"version": "12.2(18)SXF15a"
},
{
"status": "affected",
"version": "12.2(18)SXF3"
},
{
"status": "affected",
"version": "12.2(18)SXF17"
},
{
"status": "affected",
"version": "12.2(18)SXF12"
},
{
"status": "affected",
"version": "12.2(18)SXF8"
},
{
"status": "affected",
"version": "12.2(18)SXF10a"
},
{
"status": "affected",
"version": "12.2(18)SXF16"
},
{
"status": "affected",
"version": "12.2(18)SXF7"
},
{
"status": "affected",
"version": "12.2(18)SXF17a"
},
{
"status": "affected",
"version": "12.2(18)SXF14"
},
{
"status": "affected",
"version": "12.2(18)SXF12a"
},
{
"status": "affected",
"version": "12.2(18)SXF9"
},
{
"status": "affected",
"version": "12.2(18)SXF13"
},
{
"status": "affected",
"version": "12.2(18)SXF2"
},
{
"status": "affected",
"version": "12.2(18)SXF11"
},
{
"status": "affected",
"version": "12.2(28)ZX"
},
{
"status": "affected",
"version": "12.2(33)STE0"
},
{
"status": "affected",
"version": "15.0(1)XO1"
},
{
"status": "affected",
"version": "15.0(1)XO"
},
{
"status": "affected",
"version": "15.0(2)XO"
},
{
"status": "affected",
"version": "15.0(2)SG11a"
},
{
"status": "affected",
"version": "15.0(1)EX"
},
{
"status": "affected",
"version": "15.0(2)EX2"
},
{
"status": "affected",
"version": "15.0(2)EX8"
},
{
"status": "affected",
"version": "15.0(2)EX10"
},
{
"status": "affected",
"version": "15.0(2)EX11"
},
{
"status": "affected",
"version": "15.0(2)EX13"
},
{
"status": "affected",
"version": "15.0(2)EX12"
},
{
"status": "affected",
"version": "15.1(2)SY9"
},
{
"status": "affected",
"version": "15.1(3)MRA3"
},
{
"status": "affected",
"version": "15.1(3)MRA4"
},
{
"status": "affected",
"version": "15.1(3)SVB1"
},
{
"status": "affected",
"version": "15.1(3)SVB2"
},
{
"status": "affected",
"version": "15.1(3)SVD"
},
{
"status": "affected",
"version": "15.1(3)SVD1"
},
{
"status": "affected",
"version": "15.1(3)SVD2"
},
{
"status": "affected",
"version": "15.1(3)SVF"
},
{
"status": "affected",
"version": "15.1(3)SVF1"
},
{
"status": "affected",
"version": "15.1(3)SVE"
},
{
"status": "affected",
"version": "15.1(3)SVG"
},
{
"status": "affected",
"version": "15.1(3)SVJ2"
}
]
},
{
"product": "Universal Product",
"vendor": "IntelliShield",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an affected system can be used to exploit these vulnerabilities.\r\n\r The vulnerabilities are due to a buffer overflow condition in the SNMP subsystem of the affected software. The vulnerabilities affect all versions of SNMP - Versions 1, 2c, and 3. To exploit these vulnerabilities via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for the affected system. To exploit these vulnerabilities via SNMP Version 3, the attacker must have user credentials for the affected system. A successful exploit could allow the attacker to execute arbitrary code and obtain full control of the affected system or cause the affected system to reload.\r\n\r Customers are advised to apply the workaround as contained in the Workarounds section below. Fixed software information is available via the Cisco IOS Software Checker. All devices that have enabled SNMP and have not explicitly excluded the affected MIBs or OIDs should be considered vulnerable.\r\n\r There are workarounds that address these vulnerabilities."
}
],
"exploits": [
{
"lang": "en",
"value": "At the time of initial publication, Cisco was aware of external knowledge of the vulnerabilities described in this advisory and, as a precaution, notified customers about the potential for exploitation.\r\n\r\nOn January 6, 2017, a security researcher published functional exploit code for these vulnerabilities.\r\n\r\nThe Cisco Product Security Incident Response Team (PSIRT) is aware of exploitation of the following vulnerabilities that are described in this advisory:\r\n\r\nCVE-2017-6736\r\nCVE-2017-6737\r\nCVE-2017-6738\r\nCVE-2017-6739\r\nCVE-2017-6740\r\nCVE-2017-6742\r\nCVE-2017-6743\r\nCVE-2017-6744\r\n\r\nThe Cisco PSIRT is aware of exploit code available for CVE-2017-6741.\r\n\r\nAdditional information can be found at Cisco TALOS: DNS Hijacking Abuses Trust In Core Internet Service [\"https://blog.talosintelligence.com/2019/04/seaturtle.html\"]."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "cvssV3_0"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-31T16:23:28.536Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-20170629-snmp",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170629-snmp"
}
],
"source": {
"advisory": "cisco-sa-20170629-snmp",
"defects": [
"CSCve66601"
],
"discovery": "UNKNOWN"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2017-6740",
"datePublished": "2017-07-17T21:00:00.000Z",
"dateReserved": "2017-03-09T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:55:37.237Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…