cvelistv5 - cve-2017-3881

CVE-2017-3881 (GCVE-0-2017-3881)

Vulnerability from cvelistv5

Published

2017-03-17 22:00

Modified

2026-01-12 20:45

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

Remote Code Execution Vulnerability

Summary

A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges. The Cluster Management Protocol utilizes Telnet internally as a signaling and command protocol between cluster members. The vulnerability is due to the combination of two factors: (1) the failure to restrict the use of CMP-specific Telnet options only to internal, local communications between cluster members and instead accept and process such options over any Telnet connection to an affected device; and (2) the incorrect processing of malformed CMP-specific Telnet options. An attacker could exploit this vulnerability by sending malformed CMP-specific Telnet options while establishing a Telnet session with an affected Cisco device configured to accept Telnet connections. An exploit could allow an attacker to execute arbitrary code and obtain full control of the device or cause a reload of the affected device. This affects Catalyst switches, Embedded Service 2020 switches, Enhanced Layer 2 EtherSwitch Service Module, Enhanced Layer 2/3 EtherSwitch Service Module, Gigabit Ethernet Switch Module (CGESM) for HP, IE Industrial Ethernet switches, ME 4924-10GE switch, RF Gateway 10, and SM-X Layer 2/3 EtherSwitch Service Module. Cisco Bug IDs: CSCvd48893.

References

URL

Tags

	https://www.exploit-db.com/exploits/41872/	exploit, x_refsource_EXPLOIT-DB
	https://www.exploit-db.com/exploits/41874/	exploit, x_refsource_EXPLOIT-DB
	http://www.securityfocus.com/bid/97391	vdb-entry, x_refsource_BID
	http://www.securityfocus.com/bid/96960	vdb-entry, x_refsource_BID
	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170317-cmp	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1038059	vdb-entry, x_refsource_SECTRACK

Impacted products

	Vendor	Product	Version
	n/a	Cisco IOS and IOS XE Software	Version: Cisco IOS and IOS XE Software

CISA Known Exploited Vulnerability

Data from the CISA Known Exploited Vulnerabilities Catalog

Date added: 2022-03-25

Due date: 2022-04-15

Required action: Apply updates per vendor instructions.

Used in ransomware: Unknown

Notes: https://nvd.nist.gov/vuln/detail/CVE-2017-3881

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:39:41.294Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "41872",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/41872/"
          },
          {
            "name": "41874",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/41874/"
          },
          {
            "name": "97391",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/97391"
          },
          {
            "name": "96960",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/96960"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170317-cmp"
          },
          {
            "name": "1038059",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038059"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2017-3881",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-08T16:05:33.301931Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2022-03-25",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-3881"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-20",
                "description": "CWE-20 Improper Input Validation",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-12T20:45:44.634Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-3881"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco IOS and IOS XE Software",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Cisco IOS and IOS XE Software"
            }
          ]
        }
      ],
      "datePublic": "2017-03-17T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges. The Cluster Management Protocol utilizes Telnet internally as a signaling and command protocol between cluster members. The vulnerability is due to the combination of two factors: (1) the failure to restrict the use of CMP-specific Telnet options only to internal, local communications between cluster members and instead accept and process such options over any Telnet connection to an affected device; and (2) the incorrect processing of malformed CMP-specific Telnet options. An attacker could exploit this vulnerability by sending malformed CMP-specific Telnet options while establishing a Telnet session with an affected Cisco device configured to accept Telnet connections. An exploit could allow an attacker to execute arbitrary code and obtain full control of the device or cause a reload of the affected device. This affects Catalyst switches, Embedded Service 2020 switches, Enhanced Layer 2 EtherSwitch Service Module, Enhanced Layer 2/3 EtherSwitch Service Module, Gigabit Ethernet Switch Module (CGESM) for HP, IE Industrial Ethernet switches, ME 4924-10GE switch, RF Gateway 10, and SM-X Layer 2/3 EtherSwitch Service Module. Cisco Bug IDs: CSCvd48893."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Remote Code Execution Vulnerability",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-15T09:57:01.000Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "41872",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/41872/"
        },
        {
          "name": "41874",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/41874/"
        },
        {
          "name": "97391",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/97391"
        },
        {
          "name": "96960",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/96960"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170317-cmp"
        },
        {
          "name": "1038059",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038059"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2017-3881",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco IOS and IOS XE Software",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Cisco IOS and IOS XE Software"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges. The Cluster Management Protocol utilizes Telnet internally as a signaling and command protocol between cluster members. The vulnerability is due to the combination of two factors: (1) the failure to restrict the use of CMP-specific Telnet options only to internal, local communications between cluster members and instead accept and process such options over any Telnet connection to an affected device; and (2) the incorrect processing of malformed CMP-specific Telnet options. An attacker could exploit this vulnerability by sending malformed CMP-specific Telnet options while establishing a Telnet session with an affected Cisco device configured to accept Telnet connections. An exploit could allow an attacker to execute arbitrary code and obtain full control of the device or cause a reload of the affected device. This affects Catalyst switches, Embedded Service 2020 switches, Enhanced Layer 2 EtherSwitch Service Module, Enhanced Layer 2/3 EtherSwitch Service Module, Gigabit Ethernet Switch Module (CGESM) for HP, IE Industrial Ethernet switches, ME 4924-10GE switch, RF Gateway 10, and SM-X Layer 2/3 EtherSwitch Service Module. Cisco Bug IDs: CSCvd48893."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Remote Code Execution Vulnerability"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "41872",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/41872/"
            },
            {
              "name": "41874",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/41874/"
            },
            {
              "name": "97391",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/97391"
            },
            {
              "name": "96960",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/96960"
            },
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170317-cmp",
              "refsource": "CONFIRM",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170317-cmp"
            },
            {
              "name": "1038059",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038059"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2017-3881",
    "datePublished": "2017-03-17T22:00:00.000Z",
    "dateReserved": "2016-12-21T00:00:00.000Z",
    "dateUpdated": "2026-01-12T20:45:44.634Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2017-3881",
      "cwes": "[\"CWE-20\"]",
      "dateAdded": "2022-03-25",
      "dueDate": "2022-04-15",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": "https://nvd.nist.gov/vuln/detail/CVE-2017-3881",
      "product": "IOS and IOS XE",
      "requiredAction": "Apply updates per vendor instructions.",
      "shortDescription": "A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges.",
      "vendorProject": "Cisco",
      "vulnerabilityName": "Cisco IOS and IOS XE Remote Code Execution Vulnerability"
    },
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.exploit-db.com/exploits/41872/\", \"name\": \"41872\", \"tags\": [\"exploit\", \"x_refsource_EXPLOIT-DB\", \"x_transferred\"]}, {\"url\": \"https://www.exploit-db.com/exploits/41874/\", \"name\": \"41874\", \"tags\": [\"exploit\", \"x_refsource_EXPLOIT-DB\", \"x_transferred\"]}, {\"url\": \"http://www.securityfocus.com/bid/97391\", \"name\": \"97391\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\", \"x_transferred\"]}, {\"url\": \"http://www.securityfocus.com/bid/96960\", \"name\": \"96960\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\", \"x_transferred\"]}, {\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170317-cmp\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"http://www.securitytracker.com/id/1038059\", \"name\": \"1038059\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-05T14:39:41.294Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2017-3881\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-11-08T16:05:33.301931Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2022-03-25\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-3881\"}}}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-3881\", \"tags\": [\"government-resource\"]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-20\", \"description\": \"CWE-20 Improper Input Validation\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-11-08T16:07:18.170Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"Cisco IOS and IOS XE Software\", \"versions\": [{\"status\": \"affected\", \"version\": \"Cisco IOS and IOS XE Software\"}]}], \"datePublic\": \"2017-03-17T00:00:00.000Z\", \"references\": [{\"url\": \"https://www.exploit-db.com/exploits/41872/\", \"name\": \"41872\", \"tags\": [\"exploit\", \"x_refsource_EXPLOIT-DB\"]}, {\"url\": \"https://www.exploit-db.com/exploits/41874/\", \"name\": \"41874\", \"tags\": [\"exploit\", \"x_refsource_EXPLOIT-DB\"]}, {\"url\": \"http://www.securityfocus.com/bid/97391\", \"name\": \"97391\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\"]}, {\"url\": \"http://www.securityfocus.com/bid/96960\", \"name\": \"96960\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\"]}, {\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170317-cmp\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"http://www.securitytracker.com/id/1038059\", \"name\": \"1038059\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges. The Cluster Management Protocol utilizes Telnet internally as a signaling and command protocol between cluster members. The vulnerability is due to the combination of two factors: (1) the failure to restrict the use of CMP-specific Telnet options only to internal, local communications between cluster members and instead accept and process such options over any Telnet connection to an affected device; and (2) the incorrect processing of malformed CMP-specific Telnet options. An attacker could exploit this vulnerability by sending malformed CMP-specific Telnet options while establishing a Telnet session with an affected Cisco device configured to accept Telnet connections. An exploit could allow an attacker to execute arbitrary code and obtain full control of the device or cause a reload of the affected device. This affects Catalyst switches, Embedded Service 2020 switches, Enhanced Layer 2 EtherSwitch Service Module, Enhanced Layer 2/3 EtherSwitch Service Module, Gigabit Ethernet Switch Module (CGESM) for HP, IE Industrial Ethernet switches, ME 4924-10GE switch, RF Gateway 10, and SM-X Layer 2/3 EtherSwitch Service Module. Cisco Bug IDs: CSCvd48893.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"Remote Code Execution Vulnerability\"}]}], \"providerMetadata\": {\"orgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"shortName\": \"cisco\", \"dateUpdated\": \"2017-08-15T09:57:01.000Z\"}, \"x_legacyV4Record\": {\"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"Cisco IOS and IOS XE Software\"}]}, \"product_name\": \"Cisco IOS and IOS XE Software\"}]}, \"vendor_name\": \"n/a\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://www.exploit-db.com/exploits/41872/\", \"name\": \"41872\", \"refsource\": \"EXPLOIT-DB\"}, {\"url\": \"https://www.exploit-db.com/exploits/41874/\", \"name\": \"41874\", \"refsource\": \"EXPLOIT-DB\"}, {\"url\": \"http://www.securityfocus.com/bid/97391\", \"name\": \"97391\", \"refsource\": \"BID\"}, {\"url\": \"http://www.securityfocus.com/bid/96960\", \"name\": \"96960\", \"refsource\": \"BID\"}, {\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170317-cmp\", \"name\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170317-cmp\", \"refsource\": \"CONFIRM\"}, {\"url\": \"http://www.securitytracker.com/id/1038059\", \"name\": \"1038059\", \"refsource\": \"SECTRACK\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges. The Cluster Management Protocol utilizes Telnet internally as a signaling and command protocol between cluster members. The vulnerability is due to the combination of two factors: (1) the failure to restrict the use of CMP-specific Telnet options only to internal, local communications between cluster members and instead accept and process such options over any Telnet connection to an affected device; and (2) the incorrect processing of malformed CMP-specific Telnet options. An attacker could exploit this vulnerability by sending malformed CMP-specific Telnet options while establishing a Telnet session with an affected Cisco device configured to accept Telnet connections. An exploit could allow an attacker to execute arbitrary code and obtain full control of the device or cause a reload of the affected device. This affects Catalyst switches, Embedded Service 2020 switches, Enhanced Layer 2 EtherSwitch Service Module, Enhanced Layer 2/3 EtherSwitch Service Module, Gigabit Ethernet Switch Module (CGESM) for HP, IE Industrial Ethernet switches, ME 4924-10GE switch, RF Gateway 10, and SM-X Layer 2/3 EtherSwitch Service Module. Cisco Bug IDs: CSCvd48893.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"Remote Code Execution Vulnerability\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2017-3881\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"psirt@cisco.com\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2017-3881\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-01-12T20:45:44.634Z\", \"dateReserved\": \"2016-12-21T00:00:00.000Z\", \"assignerOrgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"datePublished\": \"2017-03-17T22:00:00.000Z\", \"assignerShortName\": \"cisco\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

CERTFR-2017-ALE-005

Vulnerability from certfr_alerte

Une vulnérabilité a été découverte dans les commutateurs Cisco. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance.

Description

Une vulnérabilité dans l'implémentation du Cisco Cluster Management Protocol (CMP) permet une exécution de code à distance dans les commutateurs Cisco exécutant Cisco IOS ou Cisco IOS XE.
Se référer au bulletin de l'éditeur pour une liste exhaustive des produits impactés (cf. section Documentation).
Ce protocole utilise le service Telnet afin que les membres d'un groupe puissent dialoguer entre eux.
Cette vulnérabilité est due à deux facteurs.
Le premier est que les communications Telnet sont traitées même si elles proviennent d'en dehors du groupe.
Le deuxième est qu'une session Telnet spécifique à CMP peut provoquer un débordement de tampon.
A noter que le seul fait de commuter une trame comportant une charge malveillante ne suffit pas à déclencher la vulnérabilité, la communication piégée doit être destinée à l'équipement vulnérable.
Cisco n'a pas annoncé de date de sortie d'un correctif de sécurité.
En attendant, le CERT-FR recommande dans un premier temps de suivre les bonnes pratiques en matière de sécurité informatique en s'assurant que l'accès aux interfaces d 'administration des équipements réseaux soit restreint à un canal interne de confiance.
Ensuite, le CERT-FR recommande de privilégier le protocole SSH à Telnet.
Enfin, si désactiver les communications Telnet n'est pas une option viable, Cisco fournit des règles de détection réseau (cf. section Documentation).
A noter que les règles de détection SNORT 41909 et 41910 sont disponibles gratuitement à condition d'avoir créé un compte Snort. Celles-ci sont contenues dans le fichier server-other.so et sont de type TRUFFLEHUNTER, c'est à dire que leur contenu est dissimulé.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

les commutateurs Cisco exécutant Cisco IOS ou Cisco IOS XE

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Cisco cisco-sa-20170317-cmp du 17 mars 2017	None	vendor-advisory
Avis CERT-FR CERTFR-2017-AVI-143	-	other
Cisco IOS CMP Buffer Overflow	-	other
Bulletin de sécurité Cisco cisco-sa-20170317-cmp du 17 mars 2017	-	other
Snort	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eles commutateurs Cisco ex\u00e9cutant Cisco IOS ou Cisco IOS XE\u003c/P\u003e",
  "closed_at": "2017-05-10",
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 dans l\u0027impl\u00e9mentation du Cisco Cluster Management\nProtocol (CMP) permet une ex\u00e9cution de code \u00e0 distance dans les\ncommutateurs Cisco ex\u00e9cutant Cisco IOS ou Cisco IOS XE.  \nSe r\u00e9f\u00e9rer au bulletin de l\u0027\u00e9diteur pour une liste exhaustive des\nproduits impact\u00e9s (cf. section Documentation).  \nCe protocole utilise le service Telnet afin que les membres d\u0027un groupe\npuissent dialoguer entre eux.  \nCette vuln\u00e9rabilit\u00e9 est due \u00e0 deux facteurs.  \nLe premier est que les communications Telnet sont trait\u00e9es m\u00eame si elles\nproviennent d\u0027en dehors du groupe.  \nLe deuxi\u00e8me est qu\u0027une session Telnet sp\u00e9cifique \u00e0 CMP peut provoquer un\nd\u00e9bordement de tampon.  \nA noter que le seul fait de commuter une trame comportant une charge\nmalveillante ne suffit pas \u00e0 d\u00e9clencher la vuln\u00e9rabilit\u00e9, la\ncommunication pi\u00e9g\u00e9e doit \u00eatre destin\u00e9e \u00e0 l\u0027\u00e9quipement vuln\u00e9rable.  \nCisco n\u0027a pas annonc\u00e9 de date de sortie d\u0027un correctif de s\u00e9curit\u00e9.  \nEn attendant, le CERT-FR recommande dans un premier temps de suivre les\nbonnes pratiques en mati\u00e8re de s\u00e9curit\u00e9 informatique en s\u0027assurant que\nl\u0027acc\u00e8s aux interfaces d \u0027administration des \u00e9quipements r\u00e9seaux soit\nrestreint \u00e0 un canal interne de confiance.  \nEnsuite, le CERT-FR recommande de privil\u00e9gier le protocole SSH \u00e0\nTelnet.  \nEnfin, si d\u00e9sactiver les communications Telnet n\u0027est pas une option\nviable, Cisco fournit des r\u00e8gles de d\u00e9tection r\u00e9seau (cf. section\nDocumentation).  \nA noter que les r\u00e8gles de d\u00e9tection SNORT 41909 et 41910 sont\ndisponibles gratuitement \u00e0 condition d\u0027avoir cr\u00e9\u00e9 un compte Snort.\nCelles-ci sont contenues dans le fichier server-other.so et sont de type\nTRUFFLEHUNTER, c\u0027est \u00e0 dire que leur contenu est dissimul\u00e9.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-3881",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3881"
    }
  ],
  "initial_release_date": "2017-03-20T00:00:00",
  "last_revision_date": "2017-05-10T00:00:00",
  "links": [
    {
      "title": "Avis CERT-FR CERTFR-2017-AVI-143",
      "url": "http://www.cert.ssi.gouv.fr/site/CERTFR-2017-AVI-143/index.html"
    },
    {
      "title": "Cisco IOS CMP Buffer Overflow",
      "url": "https://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=7880\u0026signatureSubId=0\u0026softwareVersion=6.0\u0026releaseVersion=S972"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170317-cmp du 17 mars    2017",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170317-cmp"
    },
    {
      "title": "Snort",
      "url": "https://www.snort.org/downloads"
    }
  ],
  "reference": "CERTFR-2017-ALE-005",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2017-03-20T00:00:00.000000"
    },
    {
      "description": "cl\u00f4ture de l\u0027alerte.",
      "revision_date": "2017-05-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans \u003cspan class=\"textit\"\u003eles\ncommutateurs Cisco\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans les commutateurs Cisco",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170317-cmp du 17 mars 2017",
      "url": null
    }
  ]
}

CERTFR-2017-AVI-143

Vulnerability from certfr_avis

Une vulnérabilité a été corrigée dans les commutateurs Cisco. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

les commutateurs Cisco exécutant Cisco IOS ou Cisco IOS XE (voir liste complète sur le site du constructeur, cf. section Documentation)

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Cisco cisco-sa-20170317-cmp du 17 mars 2017	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20170317-cmp du 17 mars 2017	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eles commutateurs Cisco ex\u00e9cutant Cisco IOS ou Cisco IOS XE  (voir liste compl\u00e8te sur le site du constructeur, cf. section  Documentation)\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-3881",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3881"
    }
  ],
  "initial_release_date": "2017-05-10T00:00:00",
  "last_revision_date": "2017-05-10T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170317-cmp du 17 mars    2017",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170317-cmp"
    }
  ],
  "reference": "CERTFR-2017-AVI-143",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2017-05-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan class=\"textit\"\u003eles\ncommutateurs Cisco\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans les commutateurs Cisco",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170317-cmp du 17 mars 2017",
      "url": null
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2017-3881 (GCVE-0-2017-3881)

Vulnerability from cvelistv5

CISA Known Exploited Vulnerability

Data from the CISA Known Exploited Vulnerabilities Catalog

CERTFR-2017-ALE-005

Vulnerability from certfr_alerte

Description

Solution

CERTFR-2017-AVI-143

Vulnerability from certfr_avis

Solution

Tags

Sightings

Nomenclature