CVE-2017-3804
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
26/01/2017
Last modified:
20/04/2025
Description
A vulnerability in Intermediate System-to-Intermediate System (IS-IS) protocol packet processing of Cisco Nexus 5000, 6000, and 7000 Series Switches software could allow an unauthenticated, adjacent attacker to cause a reload of the affected device. Switches in the FabricPath domain crash because of an __inst_001__isis_fabricpath hap reset when processing a crafted link-state packet. More Information: CSCvc45002. Known Affected Releases: 7.1(3)N1(2.1) 7.1(3)N1(3.12) 7.3(2)N1(0.296) 8.0(1)S2. Known Fixed Releases: 6.2(18)S11 7.0(3)I5(1.170) 7.0(3)I5(2) 7.1(4)N1(0.4) 7.1(4)N1(1b) 7.1(5)N1(0.986) 7.1(5)N1(1) 7.2(3)D1(0.8) 7.3(2)N1(0.304) 7.3(2)N1(1) 8.0(0.96)S0 8.0(1) 8.0(1)E1 8.0(1)S4 8.3(0)CV(0.788).
Impact
Base Score 3.x
6.10
Severity 3.x
MEDIUM
Base Score 2.0
5.70
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:cisco:nx-os:7.1\(3\)n1\(2.1\):*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:nx-os:7.1\(3\)n1\(3.12\):*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:nx-os:7.3\(2\)n1\(0.296\):*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:nx-os:8.0\(1\)s2:*:*:*:*:*:*:* | ||
| cpe:2.3:h:cisco:nexus_5000:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:cisco:nexus_6001:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:cisco:nexus_6004:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:cisco:nexus_7000:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://www.securityfocus.com/bid/95638
- http://www.securitytracker.com/id/1037658
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-nexus
- http://www.securityfocus.com/bid/95638
- http://www.securitytracker.com/id/1037658
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-nexus