CVE-2017-6666

EUVD-2017-15720

13.06.2017, 06:29

A vulnerability in the forwarding component of Cisco IOS XR Software for Cisco Network Convergence System (NCS) 5500 Series Routers could allow an authenticated, local attacker to cause the router to stop forwarding data traffic across Traffic Engineering (TE) tunnels, resulting in a denial of service (DoS) condition. More Information: CSCvd16665. Known Affected Releases: 6.2.11.BASE. Known Fixed Releases: 6.1.3 6.1.2 6.3.1.8i.BASE 6.2.11.8i.BASE 6.2.2.9i.BASE 6.1.32.11i.BASE 6.1.31.10i.BASE 6.1.4.3i.BASE.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	6 MEDIUM	LOCAL	LOW	HIGH	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 22%

Affected Products (NVD)

Vendor	Product	Version
cisco	ios_xr	6.0.0
cisco	ios_xr	6.0.1
cisco	ios_xr	6.0_base:_base
cisco	ios_xr	6.1.0
cisco	ios_xr	6.1.1
cisco	ios_xr	6.1.2
cisco	ios_xr	6.1.3
cisco	ios_xr	6.2.0
cisco	ios_xr	6.2.1

𝑥

= Vulnerable software versions

References

http://www.securityfocus.com/bid/98987

http://www.securitytracker.com/id/1038630

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-ncs

http://www.securityfocus.com/bid/98987

http://www.securitytracker.com/id/1038630

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-ncs