CVE-2017-6739
Published: 17 July 2017
Summary
CVE-2017-6739 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Cisco IOS. Its CVSS base score is 8.8 (High).
Operationally, it ranks in the top 4.3% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
A vulnerability in the SNMP implementation allows an authenticated remote attacker to trigger a buffer overflow by sending a crafted SNMP packet to an affected device. The flaw impacts all versions of SNMP (1, 2c, and 3) and stems from improper handling of input in the affected code, as indicated by its CWE-119 classification and an 8.8 CVSS score reflecting high impact on confidentiality, integrity, and availability.
An attacker who possesses the SNMP read-only community string for versions 2c or earlier, or valid user credentials for SNMPv3, can exploit the issue over the network. Successful exploitation can result in arbitrary code execution with full system control or a reload of the device; only traffic directed at the affected system can be used for the attack.
Cisco Security Advisories referenced in the CVE entry, including cisco-sa-20170629-snmp, provide official guidance on the issue. The vulnerability is also cataloged in CISA's Known Exploited Vulnerabilities list, confirming observed real-world exploitation activity.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2017-15793
Vulnerability details
A vulnerability in the SNMP implementation of could allow an authenticated, remote attacker to cause a reload of the affected system or to remotely execute code. An attacker could exploit this vulnerability by sending a crafted SNMP packet to the affected device. The vulnerability is due to a buffer overflow in the affected code area. The vulnerability affects all versions of SNMP (versions 1, 2c, and 3). The attacker must know the SNMP read only community string (SNMP version 2c or earlier) or the user credentials (SNMPv3). An exploit could allow the attacker to execute arbitrary code and obtain full control of the system or to cause a reload of the affected system. Only traffic directed to the affected system can be used to exploit this vulnerability.
- CWE(s)
- KEV Date Added: 03 March 2022
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Directly requires validation of SNMP packet contents to block the crafted input that triggers the buffer overflow.
Mandates timely application of vendor patches that eliminate the SNMP buffer-overflow flaw.
Restricts network access to the SNMP service so that only authorized management hosts can send packets to the device.
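The access restriction described in the last control can be checked offline against a saved device configuration. The following is an added example, not code from this page or from Cisco's advisory; it assumes the IOS line format `snmp-server community <string> [view <name>] [RO|RW] [ipv6 <acl>] [<acl>]`, and the configuration, community names and ACL names in it are constructed.

```python
import re

# Constructed sample of an IOS running-config (not taken from a real device).
SAMPLE_CONFIG = """\
hostname edge-rtr-01
access-list 10 permit 192.0.2.10
snmp-server community EXAMPLE-RO-1 RO 10
snmp-server community EXAMPLE-RO-2 RO
snmp-server community EXAMPLE-RO-3 view MGMT RO ipv6 V6-MGMT MGMT-HOSTS
snmp-server community EXAMPLE-RW-1 RW
snmp-server location lab
"""

COMMUNITY_RE = re.compile(r"^snmp-server community (\S+)(.*)$")


def audit_snmp_communities(config_text):
    """Return one finding per community: name, access mode and attached ACLs."""
    findings = []
    for line in config_text.splitlines():
        m = COMMUNITY_RE.match(line.strip())
        if not m:
            continue
        name, rest = m.group(1), m.group(2).split()
        mode, ipv4_acl, ipv6_acl = "RO", None, None  # read-only when no mode is given
        i = 0
        while i < len(rest):
            tok = rest[i]
            if tok.upper() in ("RO", "RW"):
                mode = tok.upper()
            elif tok.lower() in ("view", "ipv6") and i + 1 < len(rest):
                if tok.lower() == "ipv6":
                    ipv6_acl = rest[i + 1]
                i += 1  # skip the keyword's argument
            else:
                ipv4_acl = tok  # bare token is the IPv4 ACL name or number
            i += 1
        findings.append({"community": name, "mode": mode,
                         "ipv4_acl": ipv4_acl, "ipv6_acl": ipv6_acl,
                         "unrestricted": ipv4_acl is None})
    return findings


def unrestricted_communities(config_text):
    """Names of communities that any IPv4 source address may use."""
    return [f["community"] for f in audit_snmp_communities(config_text)
            if f["unrestricted"]]
```

An ACL on the community only narrows which hosts can reach the SNMP service; the buffer overflow itself is removed by the vendor patch.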