The vulnerabilities are due to a buffer overflow condition in the SNMP subsystem of the affected software. The vulnerabilities affect all versions of SNMP—Versions 1, 2c, and 3. To exploit these vulnerabilities via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for the affected system. To exploit these vulnerabilities via SNMP Version 3, the attacker must have user credentials for the affected system. A successful exploit could allow the attacker to execute arbitrary code and obtain full control of the affected system or cause the affected system to reload.
Cisco will release software updates that address these vulnerabilities. There are workarounds that address these vulnerabilities.
This advisory is available at the following link:
http://ift.tt/2sqTzIB
The vulnerabilities are due to a buffer overflow condition in the SNMP subsystem of the affected software. The vulnerabilities affect all versions of SNMP—Versions 1, 2c, and 3. To exploit these vulnerabilities via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for the affected system. To exploit these vulnerabilities via SNMP Version 3, the attacker must have user credentials for the affected system. A successful exploit could allow the attacker to execute arbitrary code and obtain full control of the affected system or cause the affected system to reload.
Cisco will release software updates that address these vulnerabilities. There are workarounds that address these vulnerabilities.
This advisory is available at the following link:
http://ift.tt/2sqTzIB
Security Impact Rating: High
CVE: CVE-2017-6736,CVE-2017-6737,CVE-2017-6738,CVE-2017-6739,CVE-2017-6740,CVE-2017-6741,CVE-2017-6742,CVE-2017-6743,CVE-2017-6744
from Cisco Security Advisory http://ift.tt/2sqTzIB
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.