CVE-2017-3820
MEDIUMCisco IOS XE 15.5(3)S2.1 15.6(1)S1.1 - Authenticated Denial of Service via SNMP Functions
Title source: llmDescription
A vulnerability in Simple Network Management Protocol (SNMP) functions of Cisco ASR 1000 Series Aggregation Services Routers running Cisco IOS XE Software Release 3.13.6S, 3.16.2S, or 3.17.1S could allow an authenticated, remote attacker to cause high CPU usage on an affected device, resulting in a denial of service (DoS) condition. More Information: CSCux68796. Known Affected Releases: 15.5(3)S2.1 15.6(1)S1.1. Known Fixed Releases: 15.4(3)S6.1 15.4(3)S6.2 15.5(3)S2.2 15.5(3)S3 15.6(0.22)S0.23 15.6(1)S2 16.2(0.295) 16.3(0.94) 15.5.3S3.
References (3)
Core 3
Core References
Vendor Advisory x_refsource_confirm
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-asrsnmp
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1037770
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/95934
Scores
CVSS v3
6.5
EPSS
0.0280
EPSS Percentile
84.6%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-665
Status
published
Products (4)
cisco/ios_xe
3.13.6s
cisco/ios_xe
3.16.2s
cisco/ios_xe
3.17.1s
n/a/Cisco IOS XE 15.x
Cisco IOS XE 15.x
Published
Feb 03, 2017
Tracked Since
Feb 18, 2026