CVE-2017-6744

HIGH
Published 2017-07-17T21:00:00.000Z

CVSS Score

V3.0: 8.8/10
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score Metrics
Exploitability: N/A Impact: N/A

EPSS Score

v2025.03.14: 0.129 probability of exploitation in the wild

There is a 12.9% chance that this vulnerability will be exploited in the wild within the next 30 days.

Updated: 2025-06-25
Exploit Probability
Percentile: 0.937
Higher than 93.7% of all CVEs

Attack Vector Metrics

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED

Impact Metrics

Confidentiality: HIGH
Integrity: HIGH
Availability: HIGH

Description

The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an affected system can be used to exploit these vulnerabilities.

The vulnerabilities are due to a buffer overflow condition in the SNMP subsystem of the affected software. The vulnerabilities affect all versions of SNMP - Versions 1, 2c, and 3. To exploit these vulnerabilities via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for the affected system. To exploit these vulnerabilities via SNMP Version 3, the attacker must have user credentials for the affected system. A successful exploit could allow the attacker to execute arbitrary code and obtain full control of the affected system or cause the affected system to reload.

Customers are advised to apply the workaround as contained in the Workarounds section below. Fixed software information is available via the Cisco IOS Software Checker. All devices that have enabled SNMP and have not explicitly excluded the affected MIBs or OIDs should be considered vulnerable.

There are workarounds that address these vulnerabilities.

Available Exploits

No exploits available for this CVE.

Affected Products

Affected Versions:

12.1(3)XI 12.2(1b)DA 12.2(5)DA 12.2(7)DA 12.2(12)DA 12.2(10)DA5 12.2(12)DA10 12.2(10)DA 12.2(12)DA1 12.2(12)DA6 12.2(10)DA8 12.2(12)DA8 12.2(12)DA11 12.2(12)DA9 12.2(12)DA4 12.2(10)DA3 12.2(5)DA1 12.2(12)DA13 12.2(12)DA12 12.2(12)DA7 12.2(1b)DA1 12.2(10)DA1 12.2(10)DA6 12.2(10)DA4 12.2(12)DA2 12.2(12)DA3 12.2(10)DA2 12.2(12)DA5 12.2(10)DA7 12.2(10)DA9 12.2(4)XL2 12.2(4)XM 12.2(4)XM3 12.2(4)XM2 12.2(4)XM4 12.2(4)XM1 12.2(3d) 12.2(5b) 12.2(1)XS1a 12.2(4)YA 12.2(4)YA6 12.2(4)YA3 12.2(4)YA4 12.2(4)YA1 12.2(4)YA11 12.2(4)YA2 12.2(4)YA9 12.2(4)YA8 12.2(4)YA5 12.2(4)YA12 12.2(4)YA10 12.2(4)YA7 12.2(4)YG 12.2(2)XF2 12.2(2)DD2 12.2(1)XD 12.2(1)XD4 12.2(1)XD3 12.2(1)XD1 12.2(2)XH 12.2(2)XH2 12.2(2)XI 12.2(2)XI1 12.2(2)XI2 12.2(2)XK 12.2(2)XK3 12.2(2)XK2 12.2(4)BW1a 12.2(2)BX 12.2(2)BX1 12.2(15)BZ2 12.2(2)DX3 12.2(8)YJ 12.2(8)YJ1 12.2(8)YN 12.2(9)YO 12.2(9)YO3 12.2(9)YO2 12.2(9)YO1 12.2(9)YO4 12.2(1a)XC 12.2(2)XC 12.2(1a)XC1 12.2(1a)XC3 12.2(2)XC1 12.2(1a)XC2 12.2(2)XC2 12.2(11)YP3 12.2(8)YM 12.2(11)YU 12.2(11)YV 12.2(11)YV1 12.2(13)ZG 12.2(13)ZH 12.2(13)ZH9 12.2(13)ZH2 12.2(13)ZH8 12.2(13)ZH10 12.2(13)ZH4 12.2(13)ZH3 12.2(13)ZH7 12.2(13)ZH6 12.3(9a) 12.3(15) 12.3(19) 12.3(10f) 12.3(10a) 12.3(1) 12.3(1a) 12.3(10) 12.3(10b) 12.3(10c) 12.3(10d) 12.3(10e) 12.3(12b) 12.3(12a) 12.3(12c) 12.3(12d) 12.3(12e) 12.3(12) 12.3(13) 12.3(13a) 12.3(13b) 12.3(15a) 12.3(16) 12.3(17) 12.3(17a) 12.3(17b) 12.3(18) 12.3(20) 12.3(3f) 12.3(3e) 12.3(3g) 12.3(3c) 12.3(3b) 12.3(3a) 12.3(3) 12.3(3i) 12.3(3h) 12.3(5c) 12.3(5b) 12.3(5a) 12.3(5) 12.3(5f) 12.3(5e) 12.3(5d) 12.3(6f) 12.3(6e) 12.3(6c) 12.3(6b) 12.3(6a) 12.3(6) 12.3(9d) 12.3(9e) 12.3(9) 12.3(9b) 12.3(9c) 12.3(16a) 12.3(15b) 12.3(21) 12.3(22) 12.3(21b) 12.3(23) 12.3(26) 12.3(20a) 12.3(22a) 12.3(25) 12.3(17c) 12.3(24) 12.3(19a) 12.3(24a) 12.3(18a) 12.3(11)T 12.3(7)T12 12.3(11)T11 12.3(11)T10 12.3(14)T7 12.3(14)T 12.3(8)T 12.3(2)T 12.3(4)T 12.3(7)T 12.3(8)T9 12.3(2)T9 12.3(8)T6 12.3(4)T2a 12.3(4)T9 12.3(4)T4 12.3(2)T1 12.3(11)T5 12.3(7)T3 
12.3(2)T2 12.3(8)T3 12.3(4)T7 12.3(8)T7 12.3(11)T8 12.3(7)T2 12.3(8)T4 12.3(8)T8 12.3(14)T5 12.3(11)T3 12.3(4)T10 12.3(2)T4 12.3(8)T10 12.3(14)T2 12.3(4)T2 12.3(7)T7 12.3(7)T10 12.3(7)T4 12.3(11)T6 12.3(7)T11 12.3(4)T6 12.3(2)T3 12.3(2)T5 12.3(2)T6 12.3(4)T3 12.3(14)T3 12.3(2)T8 12.3(11)T4 12.3(7)T9 12.3(8)T11 12.3(11)T9 12.3(7)T8 12.3(4)T1 12.3(8)T5 12.3(4)T11 12.3(4)T8 12.3(14)T1 12.3(11)T2 12.3(7)T6 12.3(2)T7 12.3(11)T7 12.3(7)T1 12.3(14)T6 12.3(8)T1 12.3(2)XA 12.3(2)XA4 12.3(2)XA7 12.3(2)XA3 12.3(2)XA6 12.3(2)XA5 12.3(4)XQ 12.3(4)XQ1 12.3(11)XL 12.3(11)XL1 12.3(4)XK3 12.3(4)XK1 12.3(4)XK4 12.3(4)XK 12.3(4)XK2 12.3(7)XI1b 12.3(7)XI2a 12.3(7)XI1c 12.3(7)XI8c 12.3(4)XG 12.3(4)XG3 12.3(4)XG1 12.3(4)XG4 12.3(4)XG2 12.3(4)XG5 12.3(2)XF 12.3(2)XE 12.3(2)XE5 12.3(2)XE2 12.3(2)XE1 12.3(2)XE4 12.3(2)XE3 12.3(4)XD 12.3(4)XD4 12.3(4)XD1 12.3(4)XD3 12.3(4)XD2 12.3(2)XC 12.3(2)XC2 12.3(2)XC1 12.2(25)SE2 12.2(29)SV2 12.3(7)XR 12.3(7)XR4 12.3(7)XR3 12.3(7)XR5 12.3(7)XR6 12.3(7)XR2 12.3(7)XR7 12.3(8)XX 12.3(8)XX1 12.3(8)XX2d 12.3(2)XZ1 12.3(2)XZ2 12.3(8)YA 12.3(8)YA1 12.3(11)YF2 12.3(8)YG 12.3(8)YG5 12.3(8)YG3 12.3(8)YG6 12.3(8)YG2 12.3(8)YG1 12.3(8)YG4 12.2(12b)M1 12.2(12h)M1 12.2(4)XV 12.2(4)XV1 12.2(4)XV2 12.2(4)XV4 12.2(4)XV4a 12.2(4)XV3 12.2(4)XV5 12.3(8)YI2 12.3(8)YI3 12.3(8)YI1 12.3(11)YK 12.3(11)YK1 12.3(11)YK2 12.3(11)YK3 12.2(18)SO1 12.2(18)SO3 12.2(18)SO2 12.3(2)JA3 12.3(2)JA4 12.3(11)JA3 12.3(11)JA2 12.3(11)YS 12.3(11)YS1 12.3(11)YS2 12.4(3e) 12.4(7b) 12.4(8) 12.4(5b) 12.4(7a) 12.4(3d) 12.4(1) 12.4(1a) 12.4(1b) 12.4(1c) 12.4(10) 12.4(3) 12.4(3a) 12.4(3b) 12.4(3c) 12.4(3f) 12.4(5) 12.4(5a) 12.4(7c) 12.4(7) 12.4(8a) 12.4(8b) 12.4(7d) 12.4(3g) 12.4(8c) 12.4(10b) 12.4(12) 12.4(12a) 12.4(12b) 12.4(13) 12.4(13a) 12.4(13b) 12.4(13c) 12.4(7e) 12.4(17) 12.4(25e) 12.4(18b) 12.4(18e) 12.4(25g) 12.4(3i) 12.4(3j) 12.4(23b) 12.4(3h) 12.4(7h) 12.4(25a) 12.4(16) 12.4(13d) 12.4(25) 12.4(25c) 12.4(19) 12.4(13e) 12.4(25b) 12.4(23) 12.4(10c) 12.4(21) 12.4(16b) 12.4(16a) 12.4(23a) 
12.4(25d) 12.4(7f) 12.4(18) 12.4(21a) 12.4(13f) 12.4(25f) 12.4(18c) 12.4(5c) 12.4(8d) 12.4(12c) 12.4(17a) 12.4(18a) 12.4(17b) 12.4(7g) 12.3(8)JK 12.4(6)MR1 12.4(11)MR 12.4(2)MR 12.4(4)MR 12.4(6)MR 12.4(9)MR 12.4(12)MR 12.4(16)MR 12.4(16)MR1 12.4(19)MR2 12.4(19)MR1 12.4(19)MR 12.4(20)MR 12.4(4)MR1 12.4(19)MR3 12.4(12)MR1 12.4(20)MR2 12.4(16)MR2 12.4(12)MR2 12.4(2)MR1 12.4(20)MR1 12.4(4)T 12.4(4)T1 12.4(4)T2 12.4(4)T3 12.4(6)T 12.4(6)T1 12.4(6)T2 12.4(9)T 12.4(4)T4 12.4(2)T5 12.4(6)T3 12.4(2)T 12.4(11)T 12.4(15)T 12.4(20)T 12.4(24)T 12.4(24)T3 12.4(4)T8 12.4(20)T1 12.4(22)T1 12.4(15)T9 12.4(11)T4 12.4(15)T8 12.4(6)T5 12.4(15)T15 12.4(24)T5 12.4(15)T2 12.4(6)T8 12.4(15)T12 12.4(24)T4 12.4(6)T11 12.4(9)T5 12.4(20)T3 12.4(6)T4 12.4(4)T6 12.4(22)T 12.4(20)T6 12.4(9)T3 12.4(24)T8 12.4(6)T7 12.4(15)T13 12.4(6)T10 12.4(15)T3 12.4(24)T2 12.4(22)T5 12.4(2)T3 12.4(15)T10 12.4(22)T4 12.4(20)T5 12.4(9)T6 12.4(15)T4 12.4(2)T4 12.4(24)T1 12.4(9)T4 12.4(24)T7 12.4(22)T3 12.4(9)T1 12.4(24)T6 12.4(6)T9 12.4(15)T5 12.4(4)T7 12.4(20)T2 12.4(2)T1 12.4(11)T1 12.4(15)T11 12.4(2)T6 12.4(2)T2 12.4(15)T7 12.4(11)T2 12.4(9)T7 12.4(15)T14 12.4(11)T3 12.4(15)T6 12.4(15)T16 12.4(15)T1 12.4(9)T2 12.4(6)T6 12.4(22)T2 12.4(4)T5 12.4(20)T4 12.4(15)T17 12.3(14)YT 12.3(14)YT1 12.3(7)JX2 12.3(7)JX 12.3(7)JX1 12.3(7)JX4 12.3(11)JX 12.3(7)JX7 12.3(7)JX12 12.3(7)JX9 12.3(7)JX10 12.3(11)JX1 12.3(7)JX6 12.3(7)JX5 12.3(7)JX3 12.3(7)JX11 12.3(7)JX8 12.3(4)TPC11b 12.3(4)TPC11a 12.4(2)XA 12.4(2)XA1 12.4(2)XA2 12.2(28)ZX 12.4(4)XC 12.4(4)XC1 12.4(4)XC5 12.4(4)XC7 12.4(4)XC3 12.4(4)XC4 12.4(4)XC2 12.4(4)XC6 12.4(6)XE 12.4(6)XE2 12.4(6)XE1 12.3(11)YZ1 12.3(11)YZ 12.3(11)YZ2 12.4(11)SW 12.4(15)SW6 12.4(15)SW 12.4(11)SW1 12.4(15)SW5 12.4(15)SW1 12.4(15)SW4 12.4(11)SW3 12.4(11)SW2 12.4(15)SW3 12.4(15)SW2 12.4(15)SW7 12.4(15)SW8 12.4(15)SW8a 12.4(15)SW9 12.4(11)XJ 12.4(11)XJ3 12.4(11)XJ2 12.4(11)XJ4 12.4(6)XT 12.4(6)XT1 12.4(6)XT2 12.4(11)MD2 12.4(11)XV 12.4(11)XV1 12.4(11)XW 12.4(11)XW3 12.4(11)XW7 12.4(11)XW10 
12.4(11)XW8 12.4(11)XW9 12.4(11)XW6 12.4(11)XW4 12.4(11)XW1 12.4(11)XW5 12.4(11)XW2 12.4(3g)JMA1 12.4(15)XY4 12.4(15)XY5 12.4(15)XY1 12.4(15)XY 12.4(15)XY2 12.4(15)XY3 12.4(15)XZ 12.4(15)XZ2 12.4(15)XZ1 12.3(8)ZA 12.2(33)STE0 12.4(10b)JDA1 12.4(3g)JMB 12.4(23c)JY 12.4(10b)JDC 12.4(10b)JDD 15.0(1)M1 15.0(1)M5 15.0(1)M4 15.0(1)M3 15.0(1)M2 15.0(1)M6 15.0(1)M 15.0(1)M7 15.0(1)M10 15.0(1)M9 15.0(1)M8 15.0(1)XA2 15.0(1)XA4 15.0(1)XA1 15.0(1)XA3 15.0(1)XA 15.0(1)XA5 15.1(2)T 15.1(1)T4 15.1(3)T2 15.1(1)T1 15.1(2)T0a 15.1(3)T3 15.1(1)T3 15.1(2)T3 15.1(2)T4 15.1(1)T2 15.1(3)T 15.1(2)T2a 15.1(3)T1 15.1(1)T 15.1(2)T2 15.1(2)T1 15.1(2)T5 15.1(3)T4 15.1(1)T5 15.1(1)XB 15.0(1)XO1 15.0(1)XO 15.0(2)XO 12.2(33)MRA 12.2(33)MRB5 12.2(33)MRB2 12.2(33)MRB1 12.2(33)MRB4 12.2(33)MRB 12.2(33)MRB3 12.2(33)MRB6 15.3(1)T 15.3(2)T 15.3(1)T1 15.3(1)T2 15.3(1)T3 15.3(1)T4 15.3(2)T1 15.3(2)T2 15.3(2)T3 15.3(2)T4 12.4(10b)JDE 15.0(1)EY 15.0(1)EY1 15.0(1)EY2 12.4(20)MRB 12.4(20)MRB1 15.1(4)M3 15.1(4)M 15.1(4)M1 15.1(4)M2 15.1(4)M6 15.1(4)M5 15.1(4)M4 15.1(4)M7 15.1(4)M10 15.1(4)M8 15.1(4)M9 12.4(3g)JMC1 12.4(3g)JMC 12.4(3g)JMC2 15.0(2)SE8 15.1(2)GC 15.1(2)GC1 15.1(2)GC2 15.1(4)GC 15.1(4)GC1 15.1(4)GC2 15.2(4)M 15.2(4)M1 15.2(4)M2 15.2(4)M4 15.2(4)M3 15.2(4)M5 15.2(4)M8 15.2(4)M10 15.2(4)M7 15.2(4)M6 15.2(4)M9 15.2(4)M6a 15.2(4)M11 15.0(2)SG11a 12.4(21a)JHC 15.0(1)EX 15.0(2)EX2 15.0(2)EX8 15.0(2)EX10 15.0(2)EX11 15.0(2)EX13 15.0(2)EX12 15.2(1)GC 15.2(1)GC1 15.2(1)GC2 15.2(2)GC 15.2(3)GC 15.2(3)GC1 15.2(4)GC 15.2(4)GC2 15.2(4)GC3 15.1(2)SY11 15.1(2)SY12 15.1(2)SY13 15.1(2)SY14 15.1(2)SY15 15.1(2)SY16 15.3(3)S10 15.4(1)T 15.4(2)T 15.4(1)T2 15.4(1)T1 15.4(1)T3 15.4(2)T1 15.4(2)T3 15.4(2)T2 15.4(1)T4 15.4(2)T4 15.2(2a)E2 15.2(3a)E 15.2(3)E4 15.2(2)E5b 15.2(6)E0c 15.1(3)MRA3 15.1(3)MRA4 15.1(3)SVB1 15.1(3)SVB2 15.4(2)S3 15.3(3)M 15.3(3)M1 15.3(3)M2 15.3(3)M3 15.3(3)M5 15.3(3)M4 15.3(3)M6 15.3(3)M7 15.3(3)M8 15.3(3)M9 15.3(3)M8a 15.2(4)JN 15.1(3)SVD 15.1(3)SVD1 15.1(3)SVD2 15.2(2)SY3 15.2(1)SY5 
15.2(1)SY6 15.2(1)SY7 15.2(1)SY8 15.1(3)SVF 15.1(3)SVF1 15.1(3)SVE 15.2(4)JAZ1 15.4(1)CG 15.4(1)CG1 15.4(2)CG 15.1(3)SVG 15.5(1)T 15.5(1)T1 15.5(2)T 15.5(1)T2 15.5(1)T3 15.5(2)T1 15.5(2)T2 15.5(2)T3 15.5(2)T4 15.5(1)T4 15.5(3)M 15.5(3)M1 15.5(3)M0a 15.5(3)M2 15.5(3)M3 15.5(3)M4 15.5(3)M4a 15.5(3)M5 15.3(3)JAA1 15.0(2)SQD 15.0(2)SQD1 15.0(2)SQD2 15.0(2)SQD3 15.0(2)SQD4 15.0(2)SQD5 15.0(2)SQD6 15.0(2)SQD7 15.0(2)SQD8 15.6(1)T 15.6(2)T 15.6(1)T0a 15.6(1)T1 15.6(2)T1 15.6(1)T2 15.6(2)T2 15.6(3)M 15.6(3)M1 15.6(3)M0a 15.6(3)M1b 15.6(3)M2 15.6(3)M2a 15.1(3)SVJ2 15.3(3)JPC5 15.4(1)SY3 15.4(1)SY4 15.5(1)SY1 15.5(1)SY2 15.5(1)SY3 15.5(1)SY4 15.5(1)SY5 15.5(1)SY6 15.5(1)SY7 15.5(1)SY8 15.5(1)SY9 15.5(1)SY10 15.5(1)SY11 15.5(1)SY12 15.5(1)SY13 15.5(1)SY14 15.5(1)SY15 15.3(3)JPR1

Known Exploited Vulnerability

This vulnerability is actively being exploited in the wild

Remediation Status: Overdue
Due Date: March 24, 2022
Added to KEV: March 3, 2022
Required Action: Apply updates per vendor instructions.

Affected Product

Vendor/Project: Cisco
Product: IOS software

Ransomware Risk

Known Ransomware Use
KEV Catalog Version: 2025.01.24 Released: January 24, 2025

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed HIGH

GHSA-7r2m-r994-47mm

Advisory Details

The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 2.2 through 3.17 contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an affected system can be used to exploit these vulnerabilities. The vulnerabilities are due to a buffer overflow condition in the SNMP subsystem of the affected software. The vulnerabilities affect all versions of SNMP: Versions 1, 2c, and 3. To exploit these vulnerabilities via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for the affected system. To exploit these vulnerabilities via SNMP Version 3, the attacker must have user credentials for the affected system. All devices that have enabled SNMP and have not explicitly excluded the affected MIBs or OIDs should be considered vulnerable. Cisco Bug IDs: CSCve78027, CSCve60276.

CVSS Scoring

CVSS Score: 7.5
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Advisory provided by GitHub Security Advisory Database. Published: May 13, 2022, Modified: May 13, 2022

References

Published: 2017-07-17T21:00:00.000Z
Last Modified: 2025-07-31T16:24:34.422Z