VAR-201702-0787
Vulnerability from variot - Updated: 2025-04-20 23:29A vulnerability in Simple Network Management Protocol (SNMP) functions of Cisco ASR 1000 Series Aggregation Services Routers running Cisco IOS XE Software Release 3.13.6S, 3.16.2S, or 3.17.1S could allow an authenticated, remote attacker to cause high CPU usage on an affected device, resulting in a denial of service (DoS) condition. More Information: CSCux68796. Known Affected Releases: 15.5(3)S2.1 15.6(1)S1.1. Known Fixed Releases: 15.4(3)S6.1 15.4(3)S6.2 15.5(3)S2.2 15.5(3)S3 15.6(0.22)S0.23 15.6(1)S2 16.2(0.295) 16.3(0.94) 15.5.3S3. CiscoASR1000SeriesAggregationServicesRoutersrunningCiscoIOSXESoftware is a set of operating systems running on the ASR1000 series routers from Cisco. Cisco IOSXESoftware's \342\200\230SimpleNetworkManagementProtocol(SNMP)\342\200\231 function in Cisco ASR1000Series AggregationServicesRouters has a security vulnerability. This issue is being tracked by Cisco Bug ID CSCux68796. The following versions are affected: Cisco IOS XE Software Release 3.13.6S, 3.16.2S, 3.17.1S
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201702-0787",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ios xe",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "3.17.1s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "3.16.2s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "3.13.6s"
},
{
"model": "ios xe software 3.17.1s",
"scope": null,
"trust": 0.9,
"vendor": "cisco",
"version": null
},
{
"model": "ios xe software 3.16.2s",
"scope": null,
"trust": 0.9,
"vendor": "cisco",
"version": null
},
{
"model": "ios xe software 3.13.6s",
"scope": null,
"trust": 0.9,
"vendor": "cisco",
"version": null
},
{
"model": "ios xe",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "asr series routers",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "1000"
},
{
"model": "asr series routers",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "10000"
},
{
"model": "ios xe software 3.17.2s",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios xe software 3.16.3s",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "ios xe software 3.13.7s",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-01168"
},
{
"db": "BID",
"id": "95934"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001723"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-015"
},
{
"db": "NVD",
"id": "CVE-2017-3820"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:cisco:ios_xe",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-001723"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "95934"
}
],
"trust": 0.3
},
"cve": "CVE-2017-3820",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2017-3820",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-01168",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "VHN-112023",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2017-3820",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-3820",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2017-3820",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2017-01168",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201702-015",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-112023",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-01168"
},
{
"db": "VULHUB",
"id": "VHN-112023"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001723"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-015"
},
{
"db": "NVD",
"id": "CVE-2017-3820"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in Simple Network Management Protocol (SNMP) functions of Cisco ASR 1000 Series Aggregation Services Routers running Cisco IOS XE Software Release 3.13.6S, 3.16.2S, or 3.17.1S could allow an authenticated, remote attacker to cause high CPU usage on an affected device, resulting in a denial of service (DoS) condition. More Information: CSCux68796. Known Affected Releases: 15.5(3)S2.1 15.6(1)S1.1. Known Fixed Releases: 15.4(3)S6.1 15.4(3)S6.2 15.5(3)S2.2 15.5(3)S3 15.6(0.22)S0.23 15.6(1)S2 16.2(0.295) 16.3(0.94) 15.5.3S3. CiscoASR1000SeriesAggregationServicesRoutersrunningCiscoIOSXESoftware is a set of operating systems running on the ASR1000 series routers from Cisco. Cisco IOSXESoftware\u0027s \\342\\200\\230SimpleNetworkManagementProtocol(SNMP)\\342\\200\\231 function in Cisco ASR1000Series AggregationServicesRouters has a security vulnerability. \nThis issue is being tracked by Cisco Bug ID CSCux68796. The following versions are affected: Cisco IOS XE Software Release 3.13.6S, 3.16.2S, 3.17.1S",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-3820"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001723"
},
{
"db": "CNVD",
"id": "CNVD-2017-01168"
},
{
"db": "BID",
"id": "95934"
},
{
"db": "VULHUB",
"id": "VHN-112023"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-3820",
"trust": 3.4
},
{
"db": "BID",
"id": "95934",
"trust": 2.6
},
{
"db": "SECTRACK",
"id": "1037770",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001723",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201702-015",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-01168",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-112023",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-01168"
},
{
"db": "VULHUB",
"id": "VHN-112023"
},
{
"db": "BID",
"id": "95934"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001723"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-015"
},
{
"db": "NVD",
"id": "CVE-2017-3820"
}
]
},
"id": "VAR-201702-0787",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-01168"
},
{
"db": "VULHUB",
"id": "VHN-112023"
}
],
"trust": 1.20939359
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-01168"
}
]
},
"last_update_date": "2025-04-20T23:29:44.994000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20170201-asrsnmp",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-asrsnmp"
},
{
"title": "Patch for CiscoASR1000SeriesRouters Denial of Service Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/88870"
},
{
"title": "Cisco ASR 1000 Series Aggregation Services Routers Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=67405"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-01168"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001723"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-015"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-665",
"trust": 1.1
},
{
"problemtype": "CWE-399",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-112023"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001723"
},
{
"db": "NVD",
"id": "CVE-2017-3820"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170201-asrsnmp"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/95934"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1037770"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3820"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-3820"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-01168"
},
{
"db": "VULHUB",
"id": "VHN-112023"
},
{
"db": "BID",
"id": "95934"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001723"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-015"
},
{
"db": "NVD",
"id": "CVE-2017-3820"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-01168"
},
{
"db": "VULHUB",
"id": "VHN-112023"
},
{
"db": "BID",
"id": "95934"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001723"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-015"
},
{
"db": "NVD",
"id": "CVE-2017-3820"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-02-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-01168"
},
{
"date": "2017-02-03T00:00:00",
"db": "VULHUB",
"id": "VHN-112023"
},
{
"date": "2017-02-01T00:00:00",
"db": "BID",
"id": "95934"
},
{
"date": "2017-03-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-001723"
},
{
"date": "2017-02-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-015"
},
{
"date": "2017-02-03T07:59:00.857000",
"db": "NVD",
"id": "CVE-2017-3820"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-02-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-01168"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-112023"
},
{
"date": "2017-02-02T00:09:00",
"db": "BID",
"id": "95934"
},
{
"date": "2017-03-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-001723"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-015"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-3820"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201702-015"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco IOS XE Works ASR 1000 Series Aggregation Service Router SNMP In function CPU Vulnerabilities that cause heavy use of",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-001723"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201702-015"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…