CVE-2017-6742 vulnerability in Cisco Products
Published on July 17, 2017

A vulnerability in the SNMP implementation of could allow an authenticated, remote attacker to cause a reload of the affected system or to remotely execute code. An attacker could exploit this vulnerability by sending a crafted SNMP packet to the affected device.  The vulnerability is due to a buffer overflow in the affected code area. The vulnerability affects all versions of SNMP (versions 1, 2c, and 3). The attacker must know the SNMP read only community string (SNMP version 2c or earlier) or the user credentials (SNMPv3). An exploit could allow the attacker to execute arbitrary code and obtain full control of the system or to cause a reload of the affected system. Only traffic directed to the affected system can be used to exploit this vulnerability.

NVD

Known Exploited Vulnerability

This Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload.

The following remediation steps are recommended / required by May 10, 2023: Apply updates per vendor instructions.

Weakness Type

What is a Buffer Overflow Vulnerability?

The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

CVE-2017-6742 has been classified to as a Buffer Overflow vulnerability or weakness.

Products Associated with CVE-2017-6742

stack.watch emails you whenever new vulnerabilities are published in Cisco Internetwork Operating System (IOS) or Cisco IOS XE. Just hit a watch button to start following.

Cisco Internetwork Operating System (IOS)

Cisco IOS XE

Affected Versions

Cisco IOS XE Software:

Version 3.7.0S is affected.
Version 3.7.1S is affected.
Version 3.7.2S is affected.
Version 3.7.3S is affected.
Version 3.7.4S is affected.
Version 3.7.5S is affected.
Version 3.7.6S is affected.
Version 3.7.7S is affected.
Version 3.7.4aS is affected.
Version 3.7.2tS is affected.
Version 3.7.0bS is affected.
Version 3.8.0S is affected.
Version 3.8.1S is affected.
Version 3.8.2S is affected.
Version 3.9.1S is affected.
Version 3.9.0S is affected.
Version 3.9.2S is affected.
Version 3.9.0aS is affected.
Version 3.11.1S is affected.
Version 3.11.2S is affected.
Version 3.11.0S is affected.
Version 3.11.3S is affected.
Version 3.11.4S is affected.
Version 3.12.0S is affected.
Version 3.12.1S is affected.
Version 3.12.2S is affected.
Version 3.12.3S is affected.
Version 3.12.0aS is affected.
Version 3.12.4S is affected.
Version 3.13.0S is affected.
Version 3.13.1S is affected.
Version 3.13.2S is affected.
Version 3.13.3S is affected.
Version 3.13.4S is affected.
Version 3.13.5S is affected.
Version 3.13.2aS is affected.
Version 3.13.0aS is affected.
Version 3.13.5aS is affected.
Version 3.13.6S is affected.
Version 3.13.7S is affected.
Version 3.13.6aS is affected.
Version 3.13.7aS is affected.
Version 3.6.3E is affected.
Version 3.6.6E is affected.
Version 3.6.5bE is affected.
Version 3.14.0S is affected.
Version 3.14.1S is affected.
Version 3.14.2S is affected.
Version 3.14.3S is affected.
Version 3.14.4S is affected.
Version 3.15.0S is affected.
Version 3.15.1S is affected.
Version 3.15.2S is affected.
Version 3.15.1cS is affected.
Version 3.15.3S is affected.
Version 3.15.4S is affected.
Version 3.7.4E is affected.
Version 3.7.5E is affected.
Version 3.16.0S is affected.
Version 3.16.1S is affected.
Version 3.16.1aS is affected.
Version 3.16.2S is affected.
Version 3.16.0cS is affected.
Version 3.16.3S is affected.
Version 3.16.2bS is affected.
Version 3.16.4aS is affected.
Version 3.16.4bS is affected.
Version 3.16.5S is affected.
Version 3.16.4dS is affected.
Version 3.17.0S is affected.
Version 3.17.1S is affected.
Version 3.17.2S is affected.
Version 3.17.1aS is affected.
Version 3.17.3S is affected.
Version 16.2.1 is affected.
Version 16.2.2 is affected.
Version 16.3.1 is affected.
Version 16.3.2 is affected.
Version 16.3.3 is affected.
Version 16.3.1a is affected.
Version 16.3.4 is affected.
Version 16.4.1 is affected.
Version 16.4.2 is affected.
Version 16.5.1 is affected.
Version 16.5.1b is affected.
Version 3.18.0aS is affected.
Version 3.18.0S is affected.
Version 3.18.1S is affected.
Version 3.18.0SP is affected.
Version 3.18.1SP is affected.
Version 3.18.1aSP is affected.
Version 3.18.2aSP is affected.

IntelliShield Universal Product:

Version N/A is affected.

Exploit Probability

EPSS

5.56%

Percentile

90.14%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.