CVE-2017-3862

EPSS 0.68%
Published 20.04.2017 22:59:00
Last modified 20.04.2025 01:37:25
Source psirt@cisco.com
Teams watchlist Login
Open Login

Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12.2 and 15.0 through 15.6) and Cisco IOS XE (3.2 through 3.18) could allow an unauthenticated, remote attacker to cause a buffer overflow condition or a reload of an affected device, leading to a denial of service (DoS) condition. These vulnerabilities are due to improper parsing of crafted EnergyWise packets destined to an affected device. An attacker could exploit these vulnerabilities by sending crafted EnergyWise packets to be processed by an affected device. An exploit could allow the attacker to cause a buffer overflow condition or a reload of the affected device, leading to a DoS condition. Cisco IOS Software and Cisco IOS XE Software support EnergyWise for IPv4 communication. Only IPv4 packets destined to a device configured as an EnergyWise domain member can trigger these vulnerabilities. IPv6 packets cannot be used to trigger these vulnerabilities. Cisco Bug ID CSCuu76493.

Affected products Warnungen 0 Metrics 3 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Cisco ≫ Ios Xe Version3.2.1sg

Cisco ≫ Ios Xe Version3.2.8sg

Cisco ≫ Ios Xe Version3.3.1sg

Cisco ≫ Ios Xe Version3.3.1sq

Cisco ≫ Ios Xe Version3.4.1sg

Cisco ≫ Ios Xe Version3.4.2sg

Cisco ≫ Ios Xe Version3.4.3sg

Cisco ≫ Ios Xe Version3.4.6sg

Cisco ≫ Ios Xe Version3.4.8sg

Cisco ≫ Ios Xe Version3.5.1e

Cisco ≫ Ios Xe Version3.5.3e

Cisco ≫ Ios Xe Version3.6.0e

Cisco ≫ Ios Xe Version3.6.1e

Cisco ≫ Ios Xe Version3.6.2ae

Cisco ≫ Ios Xe Version3.6.2e

Cisco ≫ Ios Xe Version3.6.4e

Cisco ≫ Ios Xe Version3.6.5ae

Cisco ≫ Ios Xe Version3.6.5e

Cisco ≫ Ios Xe Version3.7.0e

Cisco ≫ Ios Xe Version3.7.1e

Cisco ≫ Ios Xe Version3.7.2e

Cisco ≫ Ios Xe Version3.7.3e

Cisco ≫ Ios Xe Version3.8.0e

Cisco ≫ Ios Xe Version3.18.1sp

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.68%	0.693

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.6	3.9	4	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
nvd@nist.gov	7.8	10	6.9	AV:N/AC:L/Au:N/C:N/I:N/A:C

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://www.securityfocus.com/bid/97935

Third Party Advisory

VDB Entry

http://www.securitytracker.com/id/1038313

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-energywise

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2017-3862

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-3862

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-3862

EUVD