cnvd - cnvd-2017-03029

cnvd-2017-03029

Vulnerability from cnvd

Title: Cisco IOS和IOS XE Software远程代码执行漏洞

Description:

Cisco IOS和IOS XE Software都是美国思科（Cisco）公司为其网络设备开发的操作系统。

Cisco IOS和IOS XE Software中的集群管理协议(CMP)存在漏洞，远程未认证攻击者可通过该漏洞造成服务重启或者远程代码执行。

Severity: 高

Patch Name: Cisco IOS和IOS XE Software远程代码执行漏洞的补丁

Patch Description:

Cisco IOS和IOS XE Software都是美国思科（Cisco）公司为其网络设备开发的操作系统。

Cisco IOS和IOS XE Software中的集群管理协议(CMP)存在漏洞，远程未认证攻击者可通过该漏洞造成服务重启或者远程代码执行。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

目前厂商已经发布了升级补丁以修复此安全问题，补丁获取链接： https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170317-cmp

Reference: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3881

Impacted products

Name
['Cisco IOS XE', 'Cisco IOS', 'Cisco Cluster Management Protocol (CMP)']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-3881",
      "cveUrl": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3881"
    }
  },
  "description": "Cisco IOS\u548cIOS XE Software\u90fd\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u4e3a\u5176\u7f51\u7edc\u8bbe\u5907\u5f00\u53d1\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nCisco IOS\u548cIOS XE Software\u4e2d\u7684\u96c6\u7fa4\u7ba1\u7406\u534f\u8bae(CMP)\u5b58\u5728\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u672a\u8ba4\u8bc1\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u8be5\u6f0f\u6d1e\u9020\u6210\u670d\u52a1\u91cd\u542f\u6216\u8005\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a \r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170317-cmp",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-03029",
  "openTime": "2017-03-21",
  "patchDescription": "Cisco IOS\u548cIOS XE Software\u90fd\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u4e3a\u5176\u7f51\u7edc\u8bbe\u5907\u5f00\u53d1\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nCisco IOS\u548cIOS XE Software\u4e2d\u7684\u96c6\u7fa4\u7ba1\u7406\u534f\u8bae(CMP)\u5b58\u5728\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u672a\u8ba4\u8bc1\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u8be5\u6f0f\u6d1e\u9020\u6210\u670d\u52a1\u91cd\u542f\u6216\u8005\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco IOS\u548cIOS XE Software\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Cisco IOS XE",
      "Cisco IOS",
      "Cisco Cluster Management Protocol (CMP)"
    ]
  },
  "referenceLink": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3881",
  "serverity": "\u9ad8",
  "submitTime": "2017-03-20",
  "title": "Cisco IOS\u548cIOS XE Software\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}

CVE-2017-3881 (GCVE-0-2017-3881)

Vulnerability from cvelistv5

Published

2017-03-17 22:00

Modified

2025-07-30 01:46

Severity ?

CWE

Remote Code Execution Vulnerability

Summary

A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges. The Cluster Management Protocol utilizes Telnet internally as a signaling and command protocol between cluster members. The vulnerability is due to the combination of two factors: (1) the failure to restrict the use of CMP-specific Telnet options only to internal, local communications between cluster members and instead accept and process such options over any Telnet connection to an affected device; and (2) the incorrect processing of malformed CMP-specific Telnet options. An attacker could exploit this vulnerability by sending malformed CMP-specific Telnet options while establishing a Telnet session with an affected Cisco device configured to accept Telnet connections. An exploit could allow an attacker to execute arbitrary code and obtain full control of the device or cause a reload of the affected device. This affects Catalyst switches, Embedded Service 2020 switches, Enhanced Layer 2 EtherSwitch Service Module, Enhanced Layer 2/3 EtherSwitch Service Module, Gigabit Ethernet Switch Module (CGESM) for HP, IE Industrial Ethernet switches, ME 4924-10GE switch, RF Gateway 10, and SM-X Layer 2/3 EtherSwitch Service Module. Cisco Bug IDs: CSCvd48893.

References

▼	URL	Tags
	https://www.exploit-db.com/exploits/41872/	exploit, x_refsource_EXPLOIT-DB
	https://www.exploit-db.com/exploits/41874/	exploit, x_refsource_EXPLOIT-DB
	http://www.securityfocus.com/bid/97391	vdb-entry, x_refsource_BID
	http://www.securityfocus.com/bid/96960	vdb-entry, x_refsource_BID
	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170317-cmp	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1038059	vdb-entry, x_refsource_SECTRACK

Impacted products

	Vendor	Product	Version
	n/a	Cisco IOS and IOS XE Software	Version: Cisco IOS and IOS XE Software

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:39:41.294Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "41872",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/41872/"
          },
          {
            "name": "41874",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/41874/"
          },
          {
            "name": "97391",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/97391"
          },
          {
            "name": "96960",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/96960"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170317-cmp"
          },
          {
            "name": "1038059",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038059"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2017-3881",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-08T16:05:33.301931Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2022-03-25",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-3881"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-30T01:46:30.293Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "timeline": [
          {
            "lang": "en",
            "time": "2022-03-25T00:00:00+00:00",
            "value": "CVE-2017-3881 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco IOS and IOS XE Software",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Cisco IOS and IOS XE Software"
            }
          ]
        }
      ],
      "datePublic": "2017-03-17T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges. The Cluster Management Protocol utilizes Telnet internally as a signaling and command protocol between cluster members. The vulnerability is due to the combination of two factors: (1) the failure to restrict the use of CMP-specific Telnet options only to internal, local communications between cluster members and instead accept and process such options over any Telnet connection to an affected device; and (2) the incorrect processing of malformed CMP-specific Telnet options. An attacker could exploit this vulnerability by sending malformed CMP-specific Telnet options while establishing a Telnet session with an affected Cisco device configured to accept Telnet connections. An exploit could allow an attacker to execute arbitrary code and obtain full control of the device or cause a reload of the affected device. This affects Catalyst switches, Embedded Service 2020 switches, Enhanced Layer 2 EtherSwitch Service Module, Enhanced Layer 2/3 EtherSwitch Service Module, Gigabit Ethernet Switch Module (CGESM) for HP, IE Industrial Ethernet switches, ME 4924-10GE switch, RF Gateway 10, and SM-X Layer 2/3 EtherSwitch Service Module. Cisco Bug IDs: CSCvd48893."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Remote Code Execution Vulnerability",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-15T09:57:01.000Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "41872",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/41872/"
        },
        {
          "name": "41874",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/41874/"
        },
        {
          "name": "97391",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/97391"
        },
        {
          "name": "96960",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/96960"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170317-cmp"
        },
        {
          "name": "1038059",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038059"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2017-3881",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco IOS and IOS XE Software",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Cisco IOS and IOS XE Software"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges. The Cluster Management Protocol utilizes Telnet internally as a signaling and command protocol between cluster members. The vulnerability is due to the combination of two factors: (1) the failure to restrict the use of CMP-specific Telnet options only to internal, local communications between cluster members and instead accept and process such options over any Telnet connection to an affected device; and (2) the incorrect processing of malformed CMP-specific Telnet options. An attacker could exploit this vulnerability by sending malformed CMP-specific Telnet options while establishing a Telnet session with an affected Cisco device configured to accept Telnet connections. An exploit could allow an attacker to execute arbitrary code and obtain full control of the device or cause a reload of the affected device. This affects Catalyst switches, Embedded Service 2020 switches, Enhanced Layer 2 EtherSwitch Service Module, Enhanced Layer 2/3 EtherSwitch Service Module, Gigabit Ethernet Switch Module (CGESM) for HP, IE Industrial Ethernet switches, ME 4924-10GE switch, RF Gateway 10, and SM-X Layer 2/3 EtherSwitch Service Module. Cisco Bug IDs: CSCvd48893."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Remote Code Execution Vulnerability"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "41872",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/41872/"
            },
            {
              "name": "41874",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/41874/"
            },
            {
              "name": "97391",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/97391"
            },
            {
              "name": "96960",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/96960"
            },
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170317-cmp",
              "refsource": "CONFIRM",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170317-cmp"
            },
            {
              "name": "1038059",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038059"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2017-3881",
    "datePublished": "2017-03-17T22:00:00.000Z",
    "dateReserved": "2016-12-21T00:00:00.000Z",
    "dateUpdated": "2025-07-30T01:46:30.293Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted