Vulnerability-Lookup

CNVD-2017-13743

Vulnerability from cnvd - Published: 2017-07-11

Title

Cisco IOS XR Software本地拒绝服务漏洞（CNVD-2017-13743）

Description

Cisco IOS是多数思科系统路由器和网络交换机上使用的互联网络操作系统。 Cisco IOS XR Software存在拒绝服务漏洞，远程攻击者通过利用gRPC服务的内存泄漏漏洞可造成拒绝服务(进程重载）。

Severity

低

Patch Name

Cisco IOS XR Software本地拒绝服务漏洞（CNVD-2017-13743）的补丁

Patch Description

Cisco IOS是多数思科系统路由器和网络交换机上使用的互联网络操作系统。 Cisco IOS XR Software存在拒绝服务漏洞，远程攻击者通过利用gRPC服务的内存泄漏漏洞可造成拒绝服务(进程重载）。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已经发布了升级补丁以修复此安全问题，补丁获取链接： https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-ncs

Reference

https://nvd.nist.gov/vuln/detail/CVE-2017-6666

Impacted products

Name
['Cisco IOS XR Software', 'Cisco Network Convergence System 5508 0', 'Cisco Network Convergence System 5500 Series Routers 0']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "98987"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-6666",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6666"
    }
  },
  "description": "Cisco IOS\u662f\u591a\u6570\u601d\u79d1\u7cfb\u7edf\u8def\u7531\u5668\u548c\u7f51\u7edc\u4ea4\u6362\u673a\u4e0a\u4f7f\u7528\u7684\u4e92\u8054\u7f51\u7edc\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nCisco IOS XR Software\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u901a\u8fc7\u5229\u7528gRPC\u670d\u52a1\u7684\u5185\u5b58\u6cc4\u6f0f\u6f0f\u6d1e\u53ef\u9020\u6210\u62d2\u7edd\u670d\u52a1(\u8fdb\u7a0b\u91cd\u8f7d\uff09\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-ncs",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-13743",
  "openTime": "2017-07-11",
  "patchDescription": "Cisco IOS\u662f\u591a\u6570\u601d\u79d1\u7cfb\u7edf\u8def\u7531\u5668\u548c\u7f51\u7edc\u4ea4\u6362\u673a\u4e0a\u4f7f\u7528\u7684\u4e92\u8054\u7f51\u7edc\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nCisco IOS XR Software\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u901a\u8fc7\u5229\u7528gRPC\u670d\u52a1\u7684\u5185\u5b58\u6cc4\u6f0f\u6f0f\u6d1e\u53ef\u9020\u6210\u62d2\u7edd\u670d\u52a1(\u8fdb\u7a0b\u91cd\u8f7d\uff09\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco IOS XR Software\u672c\u5730\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2017-13743\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Cisco IOS XR Software",
      "Cisco Network Convergence System 5508 0",
      "Cisco Network Convergence System 5500 Series Routers 0"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-6666",
  "serverity": "\u4f4e",
  "submitTime": "2017-06-09",
  "title": "Cisco IOS XR Software\u672c\u5730\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2017-13743\uff09"
}

CVE-2017-6666 (GCVE-0-2017-6666)

Vulnerability from cvelistv5 – Published: 2017-06-13 06:00 – Updated: 2024-08-05 15:33

Summary

A vulnerability in the forwarding component of Cisco IOS XR Software for Cisco Network Convergence System (NCS) 5500 Series Routers could allow an authenticated, local attacker to cause the router to stop forwarding data traffic across Traffic Engineering (TE) tunnels, resulting in a denial of service (DoS) condition. More Information: CSCvd16665. Known Affected Releases: 6.2.11.BASE. Known Fixed Releases: 6.1.3 6.1.2 6.3.1.8i.BASE 6.2.11.8i.BASE 6.2.2.9i.BASE 6.1.32.11i.BASE 6.1.31.10i.BASE 6.1.4.3i.BASE.

Severity ?

No CVSS data available.

CWE

Denial of Service Vulnerability

Assigner

cisco

References

URL

Tags

	https://tools.cisco.com/security/center/content/C…	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/98987	vdb-entryx_refsource_BID
	http://www.securitytracker.com/id/1038630	vdb-entryx_refsource_SECTRACK

Impacted products

	Vendor	Product	Version
	n/a	Cisco Network Convergence System 5500 Series Routers	Affected: Cisco Network Convergence System 5500 Series Routers

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T15:33:20.517Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-ncs"
          },
          {
            "name": "98987",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/98987"
          },
          {
            "name": "1038630",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038630"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Network Convergence System 5500 Series Routers",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Cisco Network Convergence System 5500 Series Routers"
            }
          ]
        }
      ],
      "datePublic": "2017-06-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the forwarding component of Cisco IOS XR Software for Cisco Network Convergence System (NCS) 5500 Series Routers could allow an authenticated, local attacker to cause the router to stop forwarding data traffic across Traffic Engineering (TE) tunnels, resulting in a denial of service (DoS) condition. More Information: CSCvd16665. Known Affected Releases: 6.2.11.BASE. Known Fixed Releases: 6.1.3 6.1.2 6.3.1.8i.BASE 6.2.11.8i.BASE 6.2.2.9i.BASE 6.1.32.11i.BASE 6.1.31.10i.BASE 6.1.4.3i.BASE."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Denial of Service Vulnerability",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-07T09:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-ncs"
        },
        {
          "name": "98987",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/98987"
        },
        {
          "name": "1038630",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038630"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2017-6666",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Network Convergence System 5500 Series Routers",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Cisco Network Convergence System 5500 Series Routers"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the forwarding component of Cisco IOS XR Software for Cisco Network Convergence System (NCS) 5500 Series Routers could allow an authenticated, local attacker to cause the router to stop forwarding data traffic across Traffic Engineering (TE) tunnels, resulting in a denial of service (DoS) condition. More Information: CSCvd16665. Known Affected Releases: 6.2.11.BASE. Known Fixed Releases: 6.1.3 6.1.2 6.3.1.8i.BASE 6.2.11.8i.BASE 6.2.2.9i.BASE 6.1.32.11i.BASE 6.1.31.10i.BASE 6.1.4.3i.BASE."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Denial of Service Vulnerability"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-ncs",
              "refsource": "CONFIRM",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-ncs"
            },
            {
              "name": "98987",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/98987"
            },
            {
              "name": "1038630",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038630"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2017-6666",
    "datePublished": "2017-06-13T06:00:00",
    "dateReserved": "2017-03-09T00:00:00",
    "dateUpdated": "2024-08-05T15:33:20.517Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2017-13743

CVE-2017-6666 (GCVE-0-2017-6666)

Tags

Sightings

Nomenclature