CVE-2017-3883

EPSS 2.62%
Published 19.10.2017 08:29:00
Last modified 20.04.2025 01:37:25
Source psirt@cisco.com
Teams watchlist Login
Open Login

A vulnerability in the authentication, authorization, and accounting (AAA) implementation of Cisco Firepower Extensible Operating System (FXOS) and NX-OS System Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability occurs because AAA processes prevent the NX-OS System Manager from receiving keepalive messages when an affected device receives a high rate of login attempts, such as in a brute-force login attack. System memory can run low on the FXOS devices under the same conditions, which could cause the AAA process to unexpectedly restart or cause the device to reload. An attacker could exploit this vulnerability by performing a brute-force login attack against a device that is configured with AAA security services. A successful exploit could allow the attacker to cause the affected device to reload. This vulnerability affects the following Cisco products if they are running Cisco FXOS or NX-OS System Software that is configured for AAA services: Firepower 4100 Series Next-Generation Firewall, Firepower 9300 Security Appliance, Multilayer Director Switches, Nexus 1000V Series Switches, Nexus 1100 Series Cloud Services Platforms, Nexus 2000 Series Switches, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, Unified Computing System (UCS) 6100 Series Fabric Interconnects, UCS 6200 Series Fabric Interconnects, UCS 6300 Series Fabric Interconnects. Cisco Bug IDs: CSCuq58760, CSCuq71257, CSCur97432, CSCus05214, CSCux54898, CSCvc33141, CSCvd36971, CSCve03660.

Affected products Warnungen 0 Metrics 3 CWE 1 References 7

Data is provided by the National Vulnerability Database (NVD)

Cisco ≫ Firepower Extensible Operating System Version <= 2.3

Cisco ≫ Firepower 4100 Version-

Cisco ≫ Fxos Version2.3

Cisco ≫ Firepower 9300 Version-

Cisco ≫ Nx-os Version5.2

Cisco ≫ Mds 9000 Version-

Cisco ≫ Nx-os Version6.2

Cisco ≫ Mds 9000 Version-

Cisco ≫ Nx-os Version6.3

Cisco ≫ Mds 9000 Version-

Cisco ≫ Nx-os Version7.3

Cisco ≫ Mds 9000 Version-

Cisco ≫ Nx-os Version8.1

Cisco ≫ Mds 9000 Version-

Cisco ≫ Nx-os Version8.2

Cisco ≫ Mds 9000 Version-

Cisco ≫ Nx-os Version <= 4.1

Cisco ≫ Nexus 1000v Version-
Cisco ≫ Nexus 1100v Version-

Cisco ≫ Nx-os Version5.2

Cisco ≫ Nexus 1000v Version-
Cisco ≫ Nexus 1100v Version-

Cisco ≫ Nx-os Version <= 6.0

   Cisco ≫ Nexus 3000 Version-
   Cisco ≫ Nexus 3016 Version-
   Cisco ≫ Nexus 3016q Version-
   Cisco ≫ Nexus 3048 Version-
   Cisco ≫ Nexus 3064 Version-
   Cisco ≫ Nexus 3064t Version-
   Cisco ≫ Nexus 3064x Version-

Cisco ≫ Nx-os Version7.0

Cisco ≫ Nx-os Version <= 5.2

   Cisco ≫ Nexus 2000 Version-
   Cisco ≫ Nexus 5000 Version-
   Cisco ≫ Nexus 5010 Version-
   Cisco ≫ Nexus 5010p Switch Version-
   Cisco ≫ Nexus 5500 Version-
   Cisco ≫ Nexus 5548p Version-
   Cisco ≫ Nexus 5548up Version-
   Cisco ≫ Nexus 5596t Version-
   Cisco ≫ Nexus 5596up Version-
   Cisco ≫ Nexus 5600 Version-
   Cisco ≫ Nexus 56128p Version-
   Cisco ≫ Nexus 5624q Version-
   Cisco ≫ Nexus 5648q Version-
   Cisco ≫ Nexus 5672up Version-
   Cisco ≫ Nexus 5696q Version-
   Cisco ≫ Nexus 6000 Version-
   Cisco ≫ Nexus 6001 Version-
   Cisco ≫ Nexus 6004 Version-
   Cisco ≫ Nexus 6004x Version-

Cisco ≫ Nx-os Version6.1

Cisco ≫ Nexus 9000 Version-

Cisco ≫ Nx-os Version7.0

Cisco ≫ Nexus 9000 Version-

Cisco ≫ Nx-os Version7.0

Cisco ≫ 9500 R Version-

Cisco ≫ Nx-os Version <= 2.2

   Cisco ≫ Ucs 6100 Version-
   Cisco ≫ Ucs 6200 Version-
   Cisco ≫ Ucs 6300 Version-

Cisco ≫ Nx-os Version2.5

   Cisco ≫ Ucs 6100 Version-
   Cisco ≫ Ucs 6200 Version-
   Cisco ≫ Ucs 6300 Version-

Cisco ≫ Nx-os Version3.0

   Cisco ≫ Ucs 6100 Version-
   Cisco ≫ Ucs 6200 Version-
   Cisco ≫ Ucs 6300 Version-

Cisco ≫ Nx-os Version3.1

   Cisco ≫ Ucs 6100 Version-
   Cisco ≫ Ucs 6200 Version-
   Cisco ≫ Ucs 6300 Version-

Cisco ≫ Nx-os Version3.2

   Cisco ≫ Ucs 6100 Version-
   Cisco ≫ Ucs 6200 Version-
   Cisco ≫ Ucs 6300 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	2.62%	0.851

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.6	3.9	4	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-770 Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

http://www.securityfocus.com/bid/101493

Third Party Advisory

VDB Entry

http://www.securitytracker.com/id/1039614

Third Party Advisory

VDB Entry

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03846en_us

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-aaavty

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2017-3883

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-3883

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-3883

EUVD