CVE-2017-6603 - OpenCVE

A vulnerability in Cisco ASR 903 or ASR 920 Series Devices running with an RSP2 card could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on a targeted system because of incorrect IPv6 Packet Processing. More Information: CSCuy94366. Known Affected Releases: 15.4(3)S3.15. Known Fixed Releases: 15.6(2)SP 15.6(1.31)SP.

No CVSS v3.1

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:A/AC:L/Au:N/C:N/I:N/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Cisco	Asr 900 Series Firmware Asr-920-12cz-a Asr-920-24sz-m Asr-920-12sz-im Asr-920-4sz-d Asr-920-4sz-a Asr 903 Asr-920-24tz-m Asr-920-12cz-d Asr-920-24sz-im

Configuration 1 [-]

AND

cpe:2.3:o:cisco:asr_900_series_firmware:15.4\(3\)s3.15:*:*:*:*:*:*:*

OR	cpe:2.3:h:cisco:asr-920-12cz-a:-:::::::*
	cpe:2.3:h:cisco:asr-920-12cz-d:-:::::::*
	cpe:2.3:h:cisco:asr-920-12sz-im:-:::::::*
	cpe:2.3:h:cisco:asr-920-24sz-im:-:::::::*
	cpe:2.3:h:cisco:asr-920-24sz-m:-:::::::*
	cpe:2.3:h:cisco:asr-920-24tz-m:-:::::::*
	cpe:2.3:h:cisco:asr-920-4sz-a:-:::::::*
	cpe:2.3:h:cisco:asr-920-4sz-d:-:::::::*
	cpe:2.3:h:cisco:asr_903:-:::::::*

References

Link	Resource
http://www.securityfocus.com/bid/97450	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1038185
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-asr	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: cisco

Published: 2017-04-07T17:00:00

Updated: 2017-07-11T09:57:01

Reserved: 2017-03-09T00:00:00

Link: CVE-2017-6603

JSON object: View

NVD Information

Status : Modified

Published: 2017-04-07T17:59:00.730

Modified: 2019-10-03T00:03:26.223

Link: CVE-2017-6603

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo

{"containers": {"cna": {"affected": [{"product": "Cisco ASR 903 and ASR 920 Series Devices", "vendor": "n/a", "versions": [{"status": "affected", "version": "Cisco ASR 903 and ASR 920 Series Devices"}]}], "datePublic": "2017-04-07T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability in Cisco ASR 903 or ASR 920 Series Devices running with an RSP2 card could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on a targeted system because of incorrect IPv6 Packet Processing. More Information: CSCuy94366. Known Affected Releases: 15.4(3)S3.15. Known Fixed Releases: 15.6(2)SP 15.6(1.31)SP."}], "problemTypes": [{"descriptions": [{"description": "Denial of Service Vulnerability", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-11T09:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-asr"}, {"name": "1038185", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1038185"}, {"name": "97450", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/97450"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2017-6603", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cisco ASR 903 and ASR 920 Series Devices", "version": {"version_data": [{"version_value": "Cisco ASR 903 and ASR 920 Series Devices"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in Cisco ASR 903 or ASR 920 Series Devices running with an RSP2 card could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on a targeted system because of incorrect IPv6 Packet Processing. More Information: CSCuy94366. Known Affected Releases: 15.4(3)S3.15. Known Fixed Releases: 15.6(2)SP 15.6(1.31)SP."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Denial of Service Vulnerability"}]}]}, "references": {"reference_data": [{"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-asr", "refsource": "CONFIRM", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-asr"}, {"name": "1038185", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038185"}, {"name": "97450", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97450"}]}}}}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2017-6603", "datePublished": "2017-04-07T17:00:00", "dateReserved": "2017-03-09T00:00:00", "dateUpdated": "2017-07-11T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:asr_900_series_firmware:15.4\\(3\\)s3.15:*:*:*:*:*:*:*", "matchCriteriaId": "5622AD5D-BF0F-465A-AF5E-EBBAD8F173FD", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:asr-920-12cz-a:-:*:*:*:*:*:*:*", "matchCriteriaId": "11B83BED-5A49-4CF0-9827-AA291D01F60E", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:asr-920-12cz-d:-:*:*:*:*:*:*:*", "matchCriteriaId": "2C1E8937-51D9-43E6-876E-5D39AD3D32C4", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:asr-920-12sz-im:-:*:*:*:*:*:*:*", "matchCriteriaId": "8D9ECE39-C111-412B-AF56-9B7435D98FE0", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:asr-920-24sz-im:-:*:*:*:*:*:*:*", "matchCriteriaId": "A1B25F27-6527-46F8-9C1A-4B4F79F3E6C4", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:asr-920-24sz-m:-:*:*:*:*:*:*:*", "matchCriteriaId": "9FE70CCD-6062-45D8-8566-7C9E237E030F", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:asr-920-24tz-m:-:*:*:*:*:*:*:*", "matchCriteriaId": "375F9E12-A61B-4FD3-AE07-D4E686EB112A", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:asr-920-4sz-a:-:*:*:*:*:*:*:*", "matchCriteriaId": "D724F932-4548-429D-8CAA-E82C3435A194", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:asr-920-4sz-d:-:*:*:*:*:*:*:*", "matchCriteriaId": "0BCC94C3-9EEF-4600-BE82-8AEDEB0F1446", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:asr_903:-:*:*:*:*:*:*:*", "matchCriteriaId": "51938C0A-AFDB-4B12-BB64-9C67FC0C738F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A vulnerability in Cisco ASR 903 or ASR 920 Series Devices running with an RSP2 card could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on a targeted system because of incorrect IPv6 Packet Processing. More Information: CSCuy94366. Known Affected Releases: 15.4(3)S3.15. Known Fixed Releases: 15.6(2)SP 15.6(1.31)SP."}, {"lang": "es", "value": "Una vulnerabilidad en los dispositivos Cisco ASR 903 o ASR 920 que funcionan con una tarjeta RSP2 podr\u00eda permitir a un atacante no autenticado y adyacente provocar una denegaci\u00f3n de servicio (DoS) en un sistema de destino debido a un procesamiento incorrecto de paquetes IPv6. M\u00e1s informaci\u00f3n: CSCuy94366. Lanzamientos afectados conocidos: 15.4 (3) S3.15. Lanzamientos fijos conocidos: 15.6(2)SP 15.6(1.31)SP."}], "id": "CVE-2017-6603", "lastModified": "2019-10-03T00:03:26.223", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-04-07T17:59:00.730", "references": [{"source": "ykramarz@cisco.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/97450"}, {"source": "ykramarz@cisco.com", "url": "http://www.securitytracker.com/id/1038185"}, {"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-asr"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}