English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.106914
Category:CISCO
Title:SNMP Remote Code Execution Vulnerabilities in Cisco IOS Software
Summary:The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software;contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on;an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by;sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an affected system;can be used to exploit these vulnerabilities.
Description:Summary:
The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software
contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on
an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by
sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an affected system
can be used to exploit these vulnerabilities.

Vulnerability Insight:
The vulnerabilities are due to a buffer overflow condition in the SNMP
subsystem of the affected software. The vulnerabilities affect all versions of SNMP - Versions 1, 2c, and 3. To
exploit these vulnerabilities via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community
string for the affected system. To exploit these vulnerabilities via SNMP Version 3, the attacker must have user
credentials for the affected system.

Vulnerability Impact:
A successful exploit could allow the attacker to execute arbitrary code and
obtain full control of the affected system or cause the affected system to reload.

Solution:
See the referenced vendor advisory for a solution.

CVSS Score:
9.0

CVSS Vector:
AV:N/AC:L/Au:S/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2017-6744
cisco-sa-20170629-snmp
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170629-snmp
Common Vulnerability Exposure (CVE) ID: CVE-2017-6743
BugTraq ID: 99345
http://www.securityfocus.com/bid/99345
http://www.securitytracker.com/id/1038808
Common Vulnerability Exposure (CVE) ID: CVE-2017-6742
Common Vulnerability Exposure (CVE) ID: CVE-2017-6741
Common Vulnerability Exposure (CVE) ID: CVE-2017-6740
Common Vulnerability Exposure (CVE) ID: CVE-2017-6739
Common Vulnerability Exposure (CVE) ID: CVE-2017-6738
Common Vulnerability Exposure (CVE) ID: CVE-2017-6737
Common Vulnerability Exposure (CVE) ID: CVE-2017-6736
https://www.exploit-db.com/exploits/43450/
https://github.com/artkond/cisco-snmp-rce
CopyrightCopyright (C) 2017 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.