Action not permitted
Modal body text goes here.
ghsa-3qj9-m33f-45xw
Vulnerability from github
Published
2022-05-13 01:36
Modified
2025-07-31 18:31
Severity ?
Details
The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 2.2 through 3.17 contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an affected system can be used to exploit these vulnerabilities. The vulnerabilities are due to a buffer overflow condition in the SNMP subsystem of the affected software. The vulnerabilities affect all versions of SNMP: Versions 1, 2c, and 3. To exploit these vulnerabilities via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for the affected system. To exploit these vulnerabilities via SNMP Version 3, the attacker must have user credentials for the affected system. All devices that have enabled SNMP and have not explicitly excluded the affected MIBs or OIDs should be considered vulnerable. Cisco Bug IDs: CSCve89865, CSCsy56638.
{
"affected": [],
"aliases": [
"CVE-2017-6738"
],
"database_specific": {
"cwe_ids": [
"CWE-119"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-07-17T21:29:00Z",
"severity": "HIGH"
},
"details": "The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 2.2 through 3.17 contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an affected system can be used to exploit these vulnerabilities. The vulnerabilities are due to a buffer overflow condition in the SNMP subsystem of the affected software. The vulnerabilities affect all versions of SNMP: Versions 1, 2c, and 3. To exploit these vulnerabilities via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for the affected system. To exploit these vulnerabilities via SNMP Version 3, the attacker must have user credentials for the affected system. All devices that have enabled SNMP and have not explicitly excluded the affected MIBs or OIDs should be considered vulnerable. Cisco Bug IDs: CSCve89865, CSCsy56638.",
"id": "GHSA-3qj9-m33f-45xw",
"modified": "2025-07-31T18:31:48Z",
"published": "2022-05-13T01:36:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6738"
},
{
"type": "WEB",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170629-snmp"
},
{
"type": "WEB",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170629-snmp"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/99345"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1038808"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
cve-2017-6738
Vulnerability from cvelistv5
Published
2017-07-17 21:00
Modified
2025-07-31 16:22
Severity ?
EPSS score ?
Summary
The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an affected system can be used to exploit these vulnerabilities.
The vulnerabilities are due to a buffer overflow condition in the SNMP subsystem of the affected software. The vulnerabilities affect all versions of SNMP - Versions 1, 2c, and 3. To exploit these vulnerabilities via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for the affected system. To exploit these vulnerabilities via SNMP Version 3, the attacker must have user credentials for the affected system. A successful exploit could allow the attacker to execute arbitrary code and obtain full control of the affected system or cause the affected system to reload.
Customers are advised to apply the workaround as contained in the Workarounds section below. Fixed software information is available via the Cisco IOS Software Checker. All devices that have enabled SNMP and have not explicitly excluded the affected MIBs or OIDs should be considered vulnerable.
There are workarounds that address these vulnerabilities.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Cisco | IOS | |
| Cisco | Cisco IOS XE Software |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:41:17.135Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "99345",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99345"
},
{
"name": "1038808",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038808"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170629-snmp"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2017-6738",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-08T17:36:26.152413Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2022-03-03",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-6738"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-30T01:46:26.113Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"timeline": [
{
"lang": "en",
"time": "2022-03-03T00:00:00+00:00",
"value": "CVE-2017-6738 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "IOS",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "12.2(53)SE1"
},
{
"status": "affected",
"version": "12.2(55)SE"
},
{
"status": "affected",
"version": "12.2(50)SE2"
},
{
"status": "affected",
"version": "12.2(50)SE1"
},
{
"status": "affected",
"version": "12.2(50)SE5"
},
{
"status": "affected",
"version": "12.2(53)SE"
},
{
"status": "affected",
"version": "12.2(55)SE3"
},
{
"status": "affected",
"version": "12.2(55)SE2"
},
{
"status": "affected",
"version": "12.2(52)SE"
},
{
"status": "affected",
"version": "12.2(58)SE"
},
{
"status": "affected",
"version": "12.2(50)SE3"
},
{
"status": "affected",
"version": "12.2(55)SE1"
},
{
"status": "affected",
"version": "12.2(53)SE2"
},
{
"status": "affected",
"version": "12.2(52)SE1"
},
{
"status": "affected",
"version": "12.2(54)SE"
},
{
"status": "affected",
"version": "12.2(50)SE4"
},
{
"status": "affected",
"version": "12.2(50)SE"
},
{
"status": "affected",
"version": "12.2(58)SE1"
},
{
"status": "affected",
"version": "12.2(55)SE4"
},
{
"status": "affected",
"version": "12.2(58)SE2"
},
{
"status": "affected",
"version": "12.2(55)SE5"
},
{
"status": "affected",
"version": "12.2(55)SE6"
},
{
"status": "affected",
"version": "12.2(55)SE7"
},
{
"status": "affected",
"version": "12.2(55)SE8"
},
{
"status": "affected",
"version": "12.2(55)SE9"
},
{
"status": "affected",
"version": "12.2(55)SE10"
},
{
"status": "affected",
"version": "12.2(55)SE11"
},
{
"status": "affected",
"version": "12.2(53)EX"
},
{
"status": "affected",
"version": "12.2(52)EX"
},
{
"status": "affected",
"version": "12.2(55)EX"
},
{
"status": "affected",
"version": "12.2(52)EX1"
},
{
"status": "affected",
"version": "12.2(55)EX1"
},
{
"status": "affected",
"version": "12.2(55)EX2"
},
{
"status": "affected",
"version": "12.2(55)EX3"
},
{
"status": "affected",
"version": "12.2(58)EX"
},
{
"status": "affected",
"version": "12.2(55)EY"
},
{
"status": "affected",
"version": "12.2(52)EY1"
},
{
"status": "affected",
"version": "12.2(52)EY"
},
{
"status": "affected",
"version": "12.2(53)EY"
},
{
"status": "affected",
"version": "12.2(52)EY2"
},
{
"status": "affected",
"version": "12.2(52)EY1b"
},
{
"status": "affected",
"version": "12.2(52)EY1c"
},
{
"status": "affected",
"version": "12.2(58)EY"
},
{
"status": "affected",
"version": "12.2(52)EY3"
},
{
"status": "affected",
"version": "12.2(52)EY2a"
},
{
"status": "affected",
"version": "12.2(58)EY1"
},
{
"status": "affected",
"version": "12.2(52)EY4"
},
{
"status": "affected",
"version": "12.2(52)EY3a"
},
{
"status": "affected",
"version": "12.2(58)EY2"
},
{
"status": "affected",
"version": "12.2(58)EZ"
},
{
"status": "affected",
"version": "12.2(53)EZ"
},
{
"status": "affected",
"version": "12.2(55)EZ"
},
{
"status": "affected",
"version": "12.2(60)EZ"
},
{
"status": "affected",
"version": "12.2(60)EZ1"
},
{
"status": "affected",
"version": "12.2(60)EZ2"
},
{
"status": "affected",
"version": "12.2(60)EZ3"
},
{
"status": "affected",
"version": "12.2(60)EZ4"
},
{
"status": "affected",
"version": "12.2(60)EZ5"
},
{
"status": "affected",
"version": "12.2(60)EZ6"
},
{
"status": "affected",
"version": "12.2(60)EZ7"
},
{
"status": "affected",
"version": "12.2(60)EZ8"
},
{
"status": "affected",
"version": "12.2(60)EZ9"
},
{
"status": "affected",
"version": "12.2(60)EZ10"
},
{
"status": "affected",
"version": "12.2(60)EZ11"
},
{
"status": "affected",
"version": "12.2(50)SG3"
},
{
"status": "affected",
"version": "12.2(53)SG"
},
{
"status": "affected",
"version": "12.2(50)SG6"
},
{
"status": "affected",
"version": "12.2(53)SG1"
},
{
"status": "affected",
"version": "12.2(53)SG2"
},
{
"status": "affected",
"version": "12.2(50)SG5"
},
{
"status": "affected",
"version": "12.2(53)SG3"
},
{
"status": "affected",
"version": "12.2(50)SG8"
},
{
"status": "affected",
"version": "12.2(50)SG2"
},
{
"status": "affected",
"version": "12.2(54)SG1"
},
{
"status": "affected",
"version": "12.2(50)SG1"
},
{
"status": "affected",
"version": "12.2(52)SG"
},
{
"status": "affected",
"version": "12.2(54)SG"
},
{
"status": "affected",
"version": "12.2(50)SG"
},
{
"status": "affected",
"version": "12.2(50)SG7"
},
{
"status": "affected",
"version": "12.2(53)SG4"
},
{
"status": "affected",
"version": "12.2(50)SG4"
},
{
"status": "affected",
"version": "12.2(53)SG5"
},
{
"status": "affected",
"version": "12.2(53)SG6"
},
{
"status": "affected",
"version": "12.2(53)SG7"
},
{
"status": "affected",
"version": "12.2(53)SG8"
},
{
"status": "affected",
"version": "12.2(53)SG9"
},
{
"status": "affected",
"version": "12.2(53)SG10"
},
{
"status": "affected",
"version": "12.2(53)SG11"
},
{
"status": "affected",
"version": "12.2(33)SXI"
},
{
"status": "affected",
"version": "12.2(33)SXI1"
},
{
"status": "affected",
"version": "12.2(52)XO"
},
{
"status": "affected",
"version": "12.2(54)XO"
},
{
"status": "affected",
"version": "12.2(50)SQ2"
},
{
"status": "affected",
"version": "12.2(50)SQ1"
},
{
"status": "affected",
"version": "12.2(50)SQ"
},
{
"status": "affected",
"version": "12.2(50)SQ3"
},
{
"status": "affected",
"version": "12.2(50)SQ4"
},
{
"status": "affected",
"version": "12.2(50)SQ5"
},
{
"status": "affected",
"version": "12.2(50)SQ6"
},
{
"status": "affected",
"version": "12.2(50)SQ7"
},
{
"status": "affected",
"version": "15.0(1)XO1"
},
{
"status": "affected",
"version": "15.0(1)XO"
},
{
"status": "affected",
"version": "15.0(2)XO"
},
{
"status": "affected",
"version": "15.3(1)T"
},
{
"status": "affected",
"version": "15.3(2)T"
},
{
"status": "affected",
"version": "15.3(1)T1"
},
{
"status": "affected",
"version": "15.3(1)T2"
},
{
"status": "affected",
"version": "15.3(1)T3"
},
{
"status": "affected",
"version": "15.3(1)T4"
},
{
"status": "affected",
"version": "15.3(2)T1"
},
{
"status": "affected",
"version": "15.3(2)T2"
},
{
"status": "affected",
"version": "15.3(2)T3"
},
{
"status": "affected",
"version": "15.3(2)T4"
},
{
"status": "affected",
"version": "15.0(1)EY"
},
{
"status": "affected",
"version": "15.0(1)EY1"
},
{
"status": "affected",
"version": "15.0(1)EY2"
},
{
"status": "affected",
"version": "15.0(2)EY"
},
{
"status": "affected",
"version": "15.0(2)EY1"
},
{
"status": "affected",
"version": "15.0(2)EY2"
},
{
"status": "affected",
"version": "15.0(2)EY3"
},
{
"status": "affected",
"version": "12.2(54)WO"
},
{
"status": "affected",
"version": "15.0(1)SE"
},
{
"status": "affected",
"version": "15.0(2)SE"
},
{
"status": "affected",
"version": "15.0(1)SE1"
},
{
"status": "affected",
"version": "15.0(1)SE2"
},
{
"status": "affected",
"version": "15.0(1)SE3"
},
{
"status": "affected",
"version": "15.0(2)SE1"
},
{
"status": "affected",
"version": "15.0(2)SE2"
},
{
"status": "affected",
"version": "15.0(2)SE3"
},
{
"status": "affected",
"version": "15.0(2)SE4"
},
{
"status": "affected",
"version": "15.0(2)SE5"
},
{
"status": "affected",
"version": "15.0(2)SE6"
},
{
"status": "affected",
"version": "15.0(2)SE7"
},
{
"status": "affected",
"version": "15.0(2)SE8"
},
{
"status": "affected",
"version": "15.0(2)SE9"
},
{
"status": "affected",
"version": "15.0(2)SE10"
},
{
"status": "affected",
"version": "15.0(2)SE10a"
},
{
"status": "affected",
"version": "15.1(1)SG"
},
{
"status": "affected",
"version": "15.1(2)SG"
},
{
"status": "affected",
"version": "15.1(1)SG1"
},
{
"status": "affected",
"version": "15.1(1)SG2"
},
{
"status": "affected",
"version": "15.1(2)SG1"
},
{
"status": "affected",
"version": "15.1(2)SG2"
},
{
"status": "affected",
"version": "15.1(2)SG3"
},
{
"status": "affected",
"version": "15.1(2)SG4"
},
{
"status": "affected",
"version": "15.1(2)SG5"
},
{
"status": "affected",
"version": "15.1(2)SG6"
},
{
"status": "affected",
"version": "15.1(2)SG7"
},
{
"status": "affected",
"version": "15.1(2)SG8"
},
{
"status": "affected",
"version": "15.2(4)M"
},
{
"status": "affected",
"version": "15.2(4)M1"
},
{
"status": "affected",
"version": "15.2(4)M2"
},
{
"status": "affected",
"version": "15.2(4)M4"
},
{
"status": "affected",
"version": "15.2(4)M3"
},
{
"status": "affected",
"version": "15.2(4)M5"
},
{
"status": "affected",
"version": "15.2(4)M8"
},
{
"status": "affected",
"version": "15.2(4)M10"
},
{
"status": "affected",
"version": "15.2(4)M7"
},
{
"status": "affected",
"version": "15.2(4)M6"
},
{
"status": "affected",
"version": "15.2(4)M9"
},
{
"status": "affected",
"version": "15.2(4)M6a"
},
{
"status": "affected",
"version": "15.2(4)M11"
},
{
"status": "affected",
"version": "15.0(2)SG"
},
{
"status": "affected",
"version": "15.0(2)SG1"
},
{
"status": "affected",
"version": "15.0(2)SG2"
},
{
"status": "affected",
"version": "15.0(2)SG3"
},
{
"status": "affected",
"version": "15.0(2)SG4"
},
{
"status": "affected",
"version": "15.0(2)SG5"
},
{
"status": "affected",
"version": "15.0(2)SG6"
},
{
"status": "affected",
"version": "15.0(2)SG7"
},
{
"status": "affected",
"version": "15.0(2)SG8"
},
{
"status": "affected",
"version": "15.0(2)SG9"
},
{
"status": "affected",
"version": "15.0(2)SG10"
},
{
"status": "affected",
"version": "15.0(2)SG11"
},
{
"status": "affected",
"version": "15.0(2)SG11a"
},
{
"status": "affected",
"version": "15.0(1)EX"
},
{
"status": "affected",
"version": "15.0(2)EX"
},
{
"status": "affected",
"version": "15.0(2)EX1"
},
{
"status": "affected",
"version": "15.0(2)EX2"
},
{
"status": "affected",
"version": "15.0(2)EX3"
},
{
"status": "affected",
"version": "15.0(2)EX4"
},
{
"status": "affected",
"version": "15.0(2)EX5"
},
{
"status": "affected",
"version": "15.0(2)EX8"
},
{
"status": "affected",
"version": "15.0(2a)EX5"
},
{
"status": "affected",
"version": "15.0(2)EX10"
},
{
"status": "affected",
"version": "15.0(2)EX11"
},
{
"status": "affected",
"version": "15.0(2)EX13"
},
{
"status": "affected",
"version": "15.0(2)EX12"
},
{
"status": "affected",
"version": "15.2(2)GC"
},
{
"status": "affected",
"version": "15.2(3)GC"
},
{
"status": "affected",
"version": "15.2(3)GC1"
},
{
"status": "affected",
"version": "15.2(4)GC"
},
{
"status": "affected",
"version": "15.2(4)GC2"
},
{
"status": "affected",
"version": "15.2(4)GC3"
},
{
"status": "affected",
"version": "15.4(1)T"
},
{
"status": "affected",
"version": "15.4(2)T"
},
{
"status": "affected",
"version": "15.4(1)T2"
},
{
"status": "affected",
"version": "15.4(1)T1"
},
{
"status": "affected",
"version": "15.4(1)T3"
},
{
"status": "affected",
"version": "15.4(2)T1"
},
{
"status": "affected",
"version": "15.4(2)T3"
},
{
"status": "affected",
"version": "15.4(2)T2"
},
{
"status": "affected",
"version": "15.4(1)T4"
},
{
"status": "affected",
"version": "15.4(2)T4"
},
{
"status": "affected",
"version": "15.0(2)EA"
},
{
"status": "affected",
"version": "15.0(2)EA1"
},
{
"status": "affected",
"version": "15.2(1)E"
},
{
"status": "affected",
"version": "15.2(2)E"
},
{
"status": "affected",
"version": "15.2(1)E1"
},
{
"status": "affected",
"version": "15.2(3)E"
},
{
"status": "affected",
"version": "15.2(1)E2"
},
{
"status": "affected",
"version": "15.2(1)E3"
},
{
"status": "affected",
"version": "15.2(2)E1"
},
{
"status": "affected",
"version": "15.2(4)E"
},
{
"status": "affected",
"version": "15.2(3)E1"
},
{
"status": "affected",
"version": "15.2(2)E2"
},
{
"status": "affected",
"version": "15.2(2a)E1"
},
{
"status": "affected",
"version": "15.2(2)E3"
},
{
"status": "affected",
"version": "15.2(2a)E2"
},
{
"status": "affected",
"version": "15.2(3)E2"
},
{
"status": "affected",
"version": "15.2(3a)E"
},
{
"status": "affected",
"version": "15.2(3)E3"
},
{
"status": "affected",
"version": "15.2(4)E1"
},
{
"status": "affected",
"version": "15.2(2)E4"
},
{
"status": "affected",
"version": "15.2(2)E5"
},
{
"status": "affected",
"version": "15.2(4)E2"
},
{
"status": "affected",
"version": "15.2(3)E4"
},
{
"status": "affected",
"version": "15.2(5)E"
},
{
"status": "affected",
"version": "15.2(4)E3"
},
{
"status": "affected",
"version": "15.2(2)E6"
},
{
"status": "affected",
"version": "15.2(5a)E"
},
{
"status": "affected",
"version": "15.2(5)E1"
},
{
"status": "affected",
"version": "15.2(5b)E"
},
{
"status": "affected",
"version": "15.2(2)E5a"
},
{
"status": "affected",
"version": "15.2(5c)E"
},
{
"status": "affected",
"version": "15.2(2)E5b"
},
{
"status": "affected",
"version": "15.2(5a)E1"
},
{
"status": "affected",
"version": "15.2(4)E4"
},
{
"status": "affected",
"version": "15.2(5)E2"
},
{
"status": "affected",
"version": "15.3(3)M"
},
{
"status": "affected",
"version": "15.3(3)M1"
},
{
"status": "affected",
"version": "15.3(3)M2"
},
{
"status": "affected",
"version": "15.3(3)M3"
},
{
"status": "affected",
"version": "15.3(3)M5"
},
{
"status": "affected",
"version": "15.3(3)M4"
},
{
"status": "affected",
"version": "15.3(3)M6"
},
{
"status": "affected",
"version": "15.3(3)M7"
},
{
"status": "affected",
"version": "15.3(3)M8"
},
{
"status": "affected",
"version": "15.3(3)M9"
},
{
"status": "affected",
"version": "15.3(3)M8a"
},
{
"status": "affected",
"version": "15.2(4)JN"
},
{
"status": "affected",
"version": "15.0(2)EZ"
},
{
"status": "affected",
"version": "15.2(1)EY"
},
{
"status": "affected",
"version": "15.0(2)EJ"
},
{
"status": "affected",
"version": "15.0(2)EJ1"
},
{
"status": "affected",
"version": "15.2(1)SY"
},
{
"status": "affected",
"version": "15.2(1)SY1"
},
{
"status": "affected",
"version": "15.2(1)SY0a"
},
{
"status": "affected",
"version": "15.2(1)SY2"
},
{
"status": "affected",
"version": "15.2(2)SY"
},
{
"status": "affected",
"version": "15.2(1)SY1a"
},
{
"status": "affected",
"version": "15.2(2)SY1"
},
{
"status": "affected",
"version": "15.2(2)SY2"
},
{
"status": "affected",
"version": "15.2(1)SY3"
},
{
"status": "affected",
"version": "15.2(1)SY4"
},
{
"status": "affected",
"version": "15.2(5)EX"
},
{
"status": "affected",
"version": "15.2(4)JAZ1"
},
{
"status": "affected",
"version": "15.0(2)EK"
},
{
"status": "affected",
"version": "15.0(2)EK1"
},
{
"status": "affected",
"version": "15.4(1)CG"
},
{
"status": "affected",
"version": "15.4(1)CG1"
},
{
"status": "affected",
"version": "15.4(2)CG"
},
{
"status": "affected",
"version": "15.2(2)EB"
},
{
"status": "affected",
"version": "15.2(2)EB1"
},
{
"status": "affected",
"version": "15.2(2)EB2"
},
{
"status": "affected",
"version": "15.5(1)T"
},
{
"status": "affected",
"version": "15.5(1)T1"
},
{
"status": "affected",
"version": "15.5(2)T"
},
{
"status": "affected",
"version": "15.5(1)T2"
},
{
"status": "affected",
"version": "15.5(1)T3"
},
{
"status": "affected",
"version": "15.5(2)T1"
},
{
"status": "affected",
"version": "15.5(2)T2"
},
{
"status": "affected",
"version": "15.5(2)T3"
},
{
"status": "affected",
"version": "15.5(2)T4"
},
{
"status": "affected",
"version": "15.5(1)T4"
},
{
"status": "affected",
"version": "15.2(2)EA"
},
{
"status": "affected",
"version": "15.2(2)EA1"
},
{
"status": "affected",
"version": "15.2(2)EA2"
},
{
"status": "affected",
"version": "15.2(3)EA"
},
{
"status": "affected",
"version": "15.2(4)EA"
},
{
"status": "affected",
"version": "15.2(4)EA1"
},
{
"status": "affected",
"version": "15.2(2)EA3"
},
{
"status": "affected",
"version": "15.2(4)EA3"
},
{
"status": "affected",
"version": "15.2(5)EA"
},
{
"status": "affected",
"version": "15.2(4)EA4"
},
{
"status": "affected",
"version": "15.2(4)EA5"
},
{
"status": "affected",
"version": "15.5(3)M"
},
{
"status": "affected",
"version": "15.5(3)M1"
},
{
"status": "affected",
"version": "15.5(3)M0a"
},
{
"status": "affected",
"version": "15.5(3)M2"
},
{
"status": "affected",
"version": "15.5(3)M3"
},
{
"status": "affected",
"version": "15.5(3)M4"
},
{
"status": "affected",
"version": "15.5(3)M4a"
},
{
"status": "affected",
"version": "15.5(3)M5"
},
{
"status": "affected",
"version": "15.3(3)JAA1"
},
{
"status": "affected",
"version": "15.0(2)SQD"
},
{
"status": "affected",
"version": "15.0(2)SQD1"
},
{
"status": "affected",
"version": "15.0(2)SQD2"
},
{
"status": "affected",
"version": "15.0(2)SQD3"
},
{
"status": "affected",
"version": "15.0(2)SQD4"
},
{
"status": "affected",
"version": "15.0(2)SQD5"
},
{
"status": "affected",
"version": "15.0(2)SQD6"
},
{
"status": "affected",
"version": "15.6(1)T"
},
{
"status": "affected",
"version": "15.6(2)T"
},
{
"status": "affected",
"version": "15.6(1)T0a"
},
{
"status": "affected",
"version": "15.6(1)T1"
},
{
"status": "affected",
"version": "15.6(2)T1"
},
{
"status": "affected",
"version": "15.6(1)T2"
},
{
"status": "affected",
"version": "15.6(2)T2"
},
{
"status": "affected",
"version": "15.6(1)T3"
},
{
"status": "affected",
"version": "15.3(1)SY"
},
{
"status": "affected",
"version": "15.3(1)SY1"
},
{
"status": "affected",
"version": "15.3(1)SY2"
},
{
"status": "affected",
"version": "15.6(3)M"
},
{
"status": "affected",
"version": "15.6(3)M1"
},
{
"status": "affected",
"version": "15.6(3)M0a"
},
{
"status": "affected",
"version": "15.6(3)M1b"
},
{
"status": "affected",
"version": "15.6(3)M2"
},
{
"status": "affected",
"version": "15.6(3)M2a"
},
{
"status": "affected",
"version": "15.2(4)EC1"
},
{
"status": "affected",
"version": "15.2(4)EC2"
},
{
"status": "affected",
"version": "15.3(3)JPC5"
},
{
"status": "affected",
"version": "15.4(1)SY"
},
{
"status": "affected",
"version": "15.4(1)SY1"
},
{
"status": "affected",
"version": "15.4(1)SY2"
},
{
"status": "affected",
"version": "15.5(1)SY"
},
{
"status": "affected",
"version": "15.3(3)JPR1"
}
]
},
{
"product": "Cisco IOS XE Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.2.0SG"
},
{
"status": "affected",
"version": "3.2.1SG"
},
{
"status": "affected",
"version": "3.2.2SG"
},
{
"status": "affected",
"version": "3.2.3SG"
},
{
"status": "affected",
"version": "3.2.4SG"
},
{
"status": "affected",
"version": "3.2.5SG"
},
{
"status": "affected",
"version": "3.2.6SG"
},
{
"status": "affected",
"version": "3.2.7SG"
},
{
"status": "affected",
"version": "3.2.8SG"
},
{
"status": "affected",
"version": "3.2.9SG"
},
{
"status": "affected",
"version": "3.2.10SG"
},
{
"status": "affected",
"version": "3.2.11SG"
},
{
"status": "affected",
"version": "3.3.0SG"
},
{
"status": "affected",
"version": "3.3.2SG"
},
{
"status": "affected",
"version": "3.3.1SG"
},
{
"status": "affected",
"version": "3.2.0SE"
},
{
"status": "affected",
"version": "3.2.1SE"
},
{
"status": "affected",
"version": "3.2.2SE"
},
{
"status": "affected",
"version": "3.2.3SE"
},
{
"status": "affected",
"version": "3.3.0SE"
},
{
"status": "affected",
"version": "3.3.1SE"
},
{
"status": "affected",
"version": "3.3.2SE"
},
{
"status": "affected",
"version": "3.3.3SE"
},
{
"status": "affected",
"version": "3.3.4SE"
},
{
"status": "affected",
"version": "3.3.5SE"
},
{
"status": "affected",
"version": "3.4.0SG"
},
{
"status": "affected",
"version": "3.4.2SG"
},
{
"status": "affected",
"version": "3.4.1SG"
},
{
"status": "affected",
"version": "3.4.3SG"
},
{
"status": "affected",
"version": "3.4.4SG"
},
{
"status": "affected",
"version": "3.4.5SG"
},
{
"status": "affected",
"version": "3.4.6SG"
},
{
"status": "affected",
"version": "3.4.7SG"
},
{
"status": "affected",
"version": "3.4.8SG"
},
{
"status": "affected",
"version": "3.5.0E"
},
{
"status": "affected",
"version": "3.5.1E"
},
{
"status": "affected",
"version": "3.5.2E"
},
{
"status": "affected",
"version": "3.5.3E"
},
{
"status": "affected",
"version": "3.6.0E"
},
{
"status": "affected",
"version": "3.6.1E"
},
{
"status": "affected",
"version": "3.6.2aE"
},
{
"status": "affected",
"version": "3.6.2E"
},
{
"status": "affected",
"version": "3.6.3E"
},
{
"status": "affected",
"version": "3.6.4E"
},
{
"status": "affected",
"version": "3.6.5E"
},
{
"status": "affected",
"version": "3.6.6E"
},
{
"status": "affected",
"version": "3.6.5aE"
},
{
"status": "affected",
"version": "3.6.5bE"
},
{
"status": "affected",
"version": "3.3.0SQ"
},
{
"status": "affected",
"version": "3.3.1SQ"
},
{
"status": "affected",
"version": "3.4.0SQ"
},
{
"status": "affected",
"version": "3.4.1SQ"
},
{
"status": "affected",
"version": "3.7.0E"
},
{
"status": "affected",
"version": "3.7.1E"
},
{
"status": "affected",
"version": "3.7.2E"
},
{
"status": "affected",
"version": "3.7.3E"
},
{
"status": "affected",
"version": "3.7.4E"
},
{
"status": "affected",
"version": "3.7.5E"
},
{
"status": "affected",
"version": "3.5.0SQ"
},
{
"status": "affected",
"version": "3.5.1SQ"
},
{
"status": "affected",
"version": "3.5.2SQ"
},
{
"status": "affected",
"version": "3.5.3SQ"
},
{
"status": "affected",
"version": "3.5.4SQ"
},
{
"status": "affected",
"version": "3.5.5SQ"
},
{
"status": "affected",
"version": "3.5.6SQ"
},
{
"status": "affected",
"version": "16.1.1"
},
{
"status": "affected",
"version": "16.1.2"
},
{
"status": "affected",
"version": "16.1.3"
},
{
"status": "affected",
"version": "16.2.1"
},
{
"status": "affected",
"version": "16.2.2"
},
{
"status": "affected",
"version": "3.8.0E"
},
{
"status": "affected",
"version": "3.8.1E"
},
{
"status": "affected",
"version": "3.8.2E"
},
{
"status": "affected",
"version": "3.8.3E"
},
{
"status": "affected",
"version": "3.8.4E"
},
{
"status": "affected",
"version": "16.3.1"
},
{
"status": "affected",
"version": "16.3.2"
},
{
"status": "affected",
"version": "16.3.3"
},
{
"status": "affected",
"version": "16.3.1a"
},
{
"status": "affected",
"version": "16.3.4"
},
{
"status": "affected",
"version": "16.4.1"
},
{
"status": "affected",
"version": "16.4.2"
},
{
"status": "affected",
"version": "16.5.1"
},
{
"status": "affected",
"version": "16.5.1a"
},
{
"status": "affected",
"version": "16.5.1b"
},
{
"status": "affected",
"version": "3.18.1aSP"
},
{
"status": "affected",
"version": "3.18.2aSP"
},
{
"status": "affected",
"version": "3.9.0E"
},
{
"status": "affected",
"version": "3.9.1E"
},
{
"status": "affected",
"version": "3.9.2E"
},
{
"status": "affected",
"version": "17.11.99SW"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an affected system can be used to exploit these vulnerabilities.\r\n\r The vulnerabilities are due to a buffer overflow condition in the SNMP subsystem of the affected software. The vulnerabilities affect all versions of SNMP - Versions 1, 2c, and 3. To exploit these vulnerabilities via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for the affected system. To exploit these vulnerabilities via SNMP Version 3, the attacker must have user credentials for the affected system. A successful exploit could allow the attacker to execute arbitrary code and obtain full control of the affected system or cause the affected system to reload.\r\n\r Customers are advised to apply the workaround as contained in the Workarounds section below. Fixed software information is available via the Cisco IOS Software Checker. All devices that have enabled SNMP and have not explicitly excluded the affected MIBs or OIDs should be considered vulnerable.\r\n\r There are workarounds that address these vulnerabilities."
}
],
"exploits": [
{
"lang": "en",
"value": "At the time of initial publication, Cisco was aware of external knowledge of the vulnerabilities described in this advisory and, as a precaution, notified customers about the potential for exploitation.\r\n\r\nOn January 6, 2017, a security researcher published functional exploit code for these vulnerabilities.\r\n\r\nThe Cisco Product Security Incident Response Team (PSIRT) is aware of exploitation of the following vulnerabilities that are described in this advisory:\r\n\r\nCVE-2017-6736\r\nCVE-2017-6737\r\nCVE-2017-6738\r\nCVE-2017-6739\r\nCVE-2017-6740\r\nCVE-2017-6742\r\nCVE-2017-6743\r\nCVE-2017-6744\r\n\r\nThe Cisco PSIRT is aware of exploit code available for CVE-2017-6741.\r\n\r\nAdditional information can be found at Cisco TALOS: DNS Hijacking Abuses Trust In Core Internet Service [\"https://blog.talosintelligence.com/2019/04/seaturtle.html\"]."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "cvssV3_0"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-31T16:22:43.000Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-20170629-snmp",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170629-snmp"
}
],
"source": {
"advisory": "cisco-sa-20170629-snmp",
"defects": [
"CSCve89865",
"CSCsy56638"
],
"discovery": "UNKNOWN"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2017-6738",
"datePublished": "2017-07-17T21:00:00.000Z",
"dateReserved": "2017-03-09T00:00:00.000Z",
"dateUpdated": "2025-07-31T16:22:43.000Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.