CVE-2017-3820

{"id": "CVE-2017-3820", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2017-02-03T07:59:00.857", "references": [{"url": "http://www.securityfocus.com/bid/95934", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securitytracker.com/id/1037770", "source": "ykramarz@cisco.com"}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-asrsnmp", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-665"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in Simple Network Management Protocol (SNMP) functions of Cisco ASR 1000 Series Aggregation Services Routers running Cisco IOS XE Software Release 3.13.6S, 3.16.2S, or 3.17.1S could allow an authenticated, remote attacker to cause high CPU usage on an affected device, resulting in a denial of service (DoS) condition. More Information: CSCux68796. Known Affected Releases: 15.5(3)S2.1 15.6(1)S1.1. Known Fixed Releases: 15.4(3)S6.1 15.4(3)S6.2 15.5(3)S2.2 15.5(3)S3 15.6(0.22)S0.23 15.6(1)S2 16.2(0.295) 16.3(0.94) 15.5.3S3."}, {"lang": "es", "value": "Una vulnerabilidad en funciones Simple Network Management Protocol (SNMP) de Cisco ASR 1000 Series Aggregation Services Routers que ejecutan Cisco IOS XE Software Release 3.13.6S, 3.16.2S, o 3.17.1S podr\u00eda permitir a un atacante remoto no autenticado provocar elevado uso de CPU en un dispositivo afectado, resultando en una condici\u00f3n de denegaci\u00f3n de servicio (DoS). M\u00e1s Informaci\u00f3n: CSCux68796. Lanzamientos Conocidos Afectados: 15.5(3)S2.1 15.6(1)S1.1. Lanzamientos Reparados Conocidos: 15.4(3)S6.1 15.4(3)S6.2 15.5(3)S2.2 15.5(3)S3 15.6(0.22)S0.23 15.6(1)S2 16.2(0.295) 16.3(0.94) 15.5.3S3."}], "lastModified": "2019-10-03T00:03:26.223", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ios_xe:3.13.6s:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "665ACEAC-AE81-40F7-8A01-E8DB9DD7DD7A"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:3.16.2s:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "970FD986-6D0E-441C-9BF3-C66A25763A7A"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:3.17.1s:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "876767C7-0196-4226-92B1-DDE851B53655"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}