VAR-201702-0791
Vulnerability from variot - Updated: 2023-12-18 14:01A vulnerability in the handling of list headers in Cisco cBR Series Converged Broadband Routers could allow an unauthenticated, remote attacker to cause the device to reload, resulting in a denial of service (DoS) condition. Cisco cBR-8 Converged Broadband Routers running vulnerable versions of Cisco IOS XE are affected. More Information: CSCux40637. Known Affected Releases: 15.5(3)S 15.6(1)S. Known Fixed Releases: 15.5(3)S2 15.6(1)S1 15.6(2)S 15.6(2)SP 16.4(1). ( Reload device ) There are vulnerabilities that are put into a state. Vendors have confirmed this vulnerability Bug ID CSCux40637 It is released as.Remote attacker could disrupt service operation ( Reload device ) There is a possibility of being put into a state. CiscocBRSeriesConvergedBroadbandRouters is a router device. CiscocBRSeriesConvergedBroadbandRouters handles security holes in the list header field, allowing remote attackers to exploit vulnerabilities to submit special requests for denial of service attacks. Attackers can exploit this issue to cause a denial-of-service condition, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCux40637. The platform supports the application of software-defined networking (SDN) and virtualization technologies to virtualize, integrate and automate cable operators' access architectures and more
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201702-0791",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ios xe",
"scope": "eq",
"trust": 2.5,
"vendor": "cisco",
"version": "3.16.1"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "3.17.0"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "3.16.0"
},
{
"model": "cbr-8",
"scope": "eq",
"trust": 0.9,
"vendor": "cisco",
"version": "0"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 0.9,
"vendor": "cisco",
"version": "3.17"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 0.9,
"vendor": "cisco",
"version": "3.16"
},
{
"model": "cbr-8 converged broadband router",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "ios xe",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-01195"
},
{
"db": "BID",
"id": "95937"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001619"
},
{
"db": "NVD",
"id": "CVE-2017-3824"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-013"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:ios_xe:3.16.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios_xe:3.16.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ios_xe:3.17.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:cbr-8_converged_broadband_router:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-3824"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "95937"
}
],
"trust": 0.3
},
"cve": "CVE-2017-3824",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 5.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 4.9,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 5.4,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2017-3824",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-01195",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 5.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 4.9,
"id": "VHN-112027",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:H/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.2,
"impactScore": 4.0,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.8,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2017-3824",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-3824",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2017-01195",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201702-013",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-112027",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-01195"
},
{
"db": "VULHUB",
"id": "VHN-112027"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001619"
},
{
"db": "NVD",
"id": "CVE-2017-3824"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-013"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the handling of list headers in Cisco cBR Series Converged Broadband Routers could allow an unauthenticated, remote attacker to cause the device to reload, resulting in a denial of service (DoS) condition. Cisco cBR-8 Converged Broadband Routers running vulnerable versions of Cisco IOS XE are affected. More Information: CSCux40637. Known Affected Releases: 15.5(3)S 15.6(1)S. Known Fixed Releases: 15.5(3)S2 15.6(1)S1 15.6(2)S 15.6(2)SP 16.4(1). ( Reload device ) There are vulnerabilities that are put into a state. Vendors have confirmed this vulnerability Bug ID CSCux40637 It is released as.Remote attacker could disrupt service operation ( Reload device ) There is a possibility of being put into a state. CiscocBRSeriesConvergedBroadbandRouters is a router device. CiscocBRSeriesConvergedBroadbandRouters handles security holes in the list header field, allowing remote attackers to exploit vulnerabilities to submit special requests for denial of service attacks. \nAttackers can exploit this issue to cause a denial-of-service condition, denying service to legitimate users. \nThis issue is being tracked by Cisco Bug ID CSCux40637. The platform supports the application of software-defined networking (SDN) and virtualization technologies to virtualize, integrate and automate cable operators\u0027 access architectures and more",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-3824"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001619"
},
{
"db": "CNVD",
"id": "CNVD-2017-01195"
},
{
"db": "BID",
"id": "95937"
},
{
"db": "VULHUB",
"id": "VHN-112027"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-3824",
"trust": 3.4
},
{
"db": "BID",
"id": "95937",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1037774",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001619",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201702-013",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-01195",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-112027",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-01195"
},
{
"db": "VULHUB",
"id": "VHN-112027"
},
{
"db": "BID",
"id": "95937"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001619"
},
{
"db": "NVD",
"id": "CVE-2017-3824"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-013"
}
]
},
"id": "VAR-201702-0791",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-01195"
},
{
"db": "VULHUB",
"id": "VHN-112027"
}
],
"trust": 1.29166665
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-01195"
}
]
},
"last_update_date": "2023-12-18T14:01:41.042000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20170201-cbr",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170201-cbr"
},
{
"title": "CiscocBRSeriesConvergedBroadbandRouters Denial of Service Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/89172"
},
{
"title": "Cisco cBR-8 Converged Broadband Routers Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=67403"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-01195"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001619"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-013"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-112027"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001619"
},
{
"db": "NVD",
"id": "CVE-2017-3824"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170201-cbr"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/95937"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1037774"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3824"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-3824"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-01195"
},
{
"db": "VULHUB",
"id": "VHN-112027"
},
{
"db": "BID",
"id": "95937"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001619"
},
{
"db": "NVD",
"id": "CVE-2017-3824"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-013"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-01195"
},
{
"db": "VULHUB",
"id": "VHN-112027"
},
{
"db": "BID",
"id": "95937"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001619"
},
{
"db": "NVD",
"id": "CVE-2017-3824"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-013"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-02-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-01195"
},
{
"date": "2017-02-03T00:00:00",
"db": "VULHUB",
"id": "VHN-112027"
},
{
"date": "2017-02-01T00:00:00",
"db": "BID",
"id": "95937"
},
{
"date": "2017-03-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-001619"
},
{
"date": "2017-02-03T07:59:00.920000",
"db": "NVD",
"id": "CVE-2017-3824"
},
{
"date": "2017-02-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-013"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-02-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-01195"
},
{
"date": "2017-07-25T00:00:00",
"db": "VULHUB",
"id": "VHN-112027"
},
{
"date": "2017-02-02T00:09:00",
"db": "BID",
"id": "95937"
},
{
"date": "2017-03-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-001619"
},
{
"date": "2017-07-25T01:29:08.873000",
"db": "NVD",
"id": "CVE-2017-3824"
},
{
"date": "2017-02-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-013"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201702-013"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco cBR series Converged Broadband Service disruption in routers (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-001619"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201702-013"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…