NVD

Id
83713  
Name
CVE-2017-3859  
Description
A vulnerability in the DHCP code for the Zero Touch Provisioning feature of Cisco ASR 920 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to a format string vulnerability when processing a crafted DHCP packet for Zero Touch Provisioning. An attacker could exploit this vulnerability by sending a specially crafted DHCP packet to an affected device. An exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition. This vulnerability affects Cisco ASR 920 Series Aggregation Services Routers that are running an affected release of Cisco IOS XE Software (3.13 through 3.18) and are listening on the DHCP server port. By default, the devices do not listen on the DHCP server port. Cisco Bug IDs: CSCuy56385.  
Reject
 
CVSS Version
2  
CVSS Score
7.8  
Severity
High  
CVSS Base Score
7.8  
CVSS Impact Subscore
6.9  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:N/I:N/A:C)  
Pub Date
2017-07-18  
Published
2017-03-22  
Modified Date
2017-07-11  
Seq
2017-3859  

Actions

Related NVD References

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
66306 JVNDB-2017-002644 Cisco ASR 920 シリーズアグリゲーションサービスルータ上で稼動する Cisco IOS XE における書式文字列に関する脆弱性 Cisco ASR 920 シリーズアグリゲーションサービスルータ上で稼動する Cisco IOS XE には、書式文字列に関する脆弱性が存在します。 CVE-2017-3859 0 CVE-2017-3859 83713 7.8 7.5 http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-002644.html 2017-03-22 2017-04-24 View