CVE-2017-6737
Published: 17 July 2017
Summary
CVE-2017-6737 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Cisco IOS. Its CVSS base score is 8.8 (High).
Operationally, it is ranked in the top 4.3% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
A vulnerability in the SNMP implementation allows an authenticated remote attacker to trigger a buffer overflow via a crafted packet, leading to either arbitrary code execution or a device reload. The flaw impacts all SNMP versions (1, 2c, and 3) and is tracked as CWE-119. Exploitation requires knowledge of the read-only community string or valid SNMPv3 credentials, and the attack is limited to traffic sent directly to the affected device.
An attacker who meets the authentication prerequisites can obtain full system control or deny service through a reload. The CVSS 3.1 score of 8.8 reflects network attack vector, low complexity, and high impact on confidentiality, integrity, and availability.
Cisco Security Advisories cisco-sa-20170629-snmp and related vendor notices describe patches and workarounds; the vulnerability also appears in the CISA Known Exploited Vulnerabilities catalog, indicating confirmed in-the-wild exploitation.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2017-15791
Vulnerability details
A vulnerability in the SNMP implementation of could allow an authenticated, remote attacker to cause a reload of the affected system or to remotely execute code. An attacker could exploit this vulnerability by sending a crafted SNMP packet to the affected device. The vulnerability is due to a buffer overflow in the affected code area. The vulnerability affects all versions of SNMP (versions 1, 2c, and 3). The attacker must know the SNMP read-only community string (SNMP version 2c or earlier) or the user credentials (SNMPv3). An exploit could allow the attacker to execute arbitrary code and obtain full control of the system or to cause a reload of the affected system. Only traffic directed to the affected system can be used to exploit this vulnerability.
- CWE(s)
- KEV Date Added: 03 March 2022
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Directly requires applying vendor patches that eliminate the SNMP buffer overflow described in the CVE.
Mandates input validation on SNMP packets, which would block the crafted payloads that trigger the CWE-119 overflow.
Enforces boundary filtering so only authorized management hosts can reach the SNMP service, limiting the attack surface to trusted sources.