Cyber Resilience

CVE-2017-6663

MediumCISA KEVActive ExploitationEUVD Exploited

Published: 07 August 2017

Published
07 August 2017
Modified
22 April 2026
KEV Added
03 March 2022
Patch
CVSS Score v3.1 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score 0.0257 85.8th percentile
Risk Priority 35 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2017-6663 is a medium-severity an unspecified weakness vulnerability in Cisco Ios. Its CVSS base score is 6.5 (Medium).

Operationally, ranked in the top 14.2% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-2 (Flaw Remediation).

Deeper analysis

A vulnerability in the Autonomic Networking feature of Cisco IOS Software and Cisco IOS XE Software can be triggered to force autonomic nodes to reload. The flaw affects the releases Denali-16.2.1 and Denali-16.3.1 and is tracked as CSCvd88936. Its CVSS 3.1 base score is 6.5, reflecting an attack that requires only adjacent network access and no authentication or user interaction.

An unauthenticated attacker positioned on the same network segment can send crafted autonomic-networking messages to affected devices. Successful exploitation produces a denial-of-service condition by repeatedly reloading the targeted autonomic nodes, disrupting network operations that rely on those nodes.

The official Cisco Security Advisory cisco-sa-20170726-anidos, referenced at tools.cisco.com, supplies additional details on the issue and recommended remediation steps for customers running the listed releases. No information on observed in-the-wild exploitation is provided in the available references.

EU & UK References

Vulnerability details

A vulnerability in the Autonomic Networking feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause autonomic nodes of an affected system to reload, resulting in a denial of service (DoS) condition.…

more

More Information: CSCvd88936. Known Affected Releases: Denali-16.2.1 Denali-16.3.1.

CWE(s)
KEV Date Added
03 March 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

cisco
ios
15.2\(3\)e, 15.2\(3\)e1, 15.2\(3\)e2, 15.2\(3\)e3, 15.2\(3\)e4
cisco
ios xe
16.6.1, 3.10.4s, 3.10.8as, 3.10.8s, 3.11.3s

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly counters the crafted autonomic messages that trigger node reloads by implementing protections against denial-of-service conditions on network devices.

prevent

Requires prompt application of vendor patches for the specific flaw (CSCvd88936) in the affected Denali releases to eliminate the autonomic networking vulnerability.

prevent

Boundary protection mechanisms can filter or block unauthorized adjacent-network autonomic messages before they reach IOS/IOS-XE devices.

References