Cisco Stackable Managed Switch SSH Subsystem Message memory corruption
CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
---|---|---|
5.7 | $0-$5k | 0.00 |
A vulnerability was found in Cisco Stackable Managed Switch (affected version unknown). It has been declared as problematic. This vulnerability affects an unknown functionality of the component SSH Subsystem. The manipulation as part of a Message leads to a memory corruption vulnerability. The CWE definition for the vulnerability is CWE-119. The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. As an impact it is known to affect availability. CVE summarizes:
A vulnerability in the Secure Shell (SSH) subsystem of Cisco Small Business Managed Switches software could allow an authenticated, remote attacker to cause a reload of the affected switch, resulting in a denial of service (DoS) condition. The vulnerability is due to improper processing of SSH connections. An attacker could exploit this vulnerability by logging in to an affected switch via SSH and sending a malicious SSH message. This vulnerability affects the following Cisco products when SSH is enabled: Small Business 300 Series Managed Switches, Small Business 500 Series Stackable Managed Switches, 350 Series Managed Switches, 350X Series Stackable Managed Switches, 550X Series Stackable Managed Switches, ESW2 Series Advanced Switches. Cisco Bug IDs: CSCvb48377.
The bug was discovered 09/20/2017. The weakness was shared 09/21/2017 as cisco-sa-20170920-sbms as confirmed advisory (Website). The advisory is available at tools.cisco.com. This vulnerability was named CVE-2017-6720 since 03/09/2017. The attack can be initiated remotely. The successful exploitation needs a single authentication. The technical details are unknown and an exploit is not available. The structure of the vulnerability defines a possible price range of USD $0-$5k at the moment (estimation calculated on 01/13/2021).
The vulnerability was handled as a non-public zero-day exploit for at least 1 days. During that time the estimated underground price was around $5k-$25k.
It is possible to mitigate the problem by applying the configuration setting .Proper firewalling of tcp/22 (ssh) is able to address this issue. The best possible mitigation is suggested to be the change of configuration settings.
Product
Vendor
Name
License
CPE 2.3
CPE 2.2
CVSSv4
VulDB CVSS-B Score: 🔍VulDB CVSS-BT Score: 🔍
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 5.9VulDB Meta Temp Score: 5.8
VulDB Base Score: 4.3
VulDB Temp Score: 4.2
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 7.5
NVD Vector: 🔍
CVSSv2
AV | AC | Au | C | I | A |
---|---|---|---|---|---|
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
---|---|---|---|---|---|
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Memory corruptionCWE: CWE-119
ATT&CK: Unknown
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
0-Day | unlock | unlock | unlock | unlock |
---|---|---|---|---|
Today | unlock | unlock | unlock | unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: ConfigStatus: 🔍
0-Day Time: 🔍
Firewalling: 🔍
Timeline
03/09/2017 🔍09/20/2017 🔍
09/20/2017 🔍
09/21/2017 🔍
09/21/2017 🔍
09/21/2017 🔍
01/13/2021 🔍
Sources
Vendor: cisco.comAdvisory: cisco-sa-20170920-sbms
Researcher: Alessandro Celestra
Status: Confirmed
Confirmation: 🔍
CVE: CVE-2017-6720 (🔍)
SecurityFocus: 100933 - Multiple Cisco Products CVE-2017-6720 Denial of Service Vulnerability
Entry
Created: 09/21/2017 21:39Updated: 01/13/2021 18:17
Changes: 09/21/2017 21:39 (62), 11/18/2019 15:19 (4), 01/13/2021 18:17 (3)
Complete: 🔍
No comments yet. Languages: en.
Please log in to comment.