CVE-2017-6655

A vulnerability in the Fibre Channel over Ethernet (FCoE) protocol implementation in Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition when an FCoE-related process unexpectedly reloads. This vulnerability affects Cisco NX-OS Software on the following Cisco devices when they are configured for FCoE: Multilayer Director Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches. More Information: CSCvc91729. Known Affected Releases: 8.3(0)CV(0.833). Known Fixed Releases: 8.3(0)ISH(0.62) 8.3(0)CV(0.944) 8.1(1) 8.1(0.8)S0 7.3(2)D1(0.47).

CVSS v3 6.5 MEDIUM
CVSS v2.0 3.3 LOW

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

3.3^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:A/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 6.5 / Impact : 2.9

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://www.securityfocus.com/bid/98991	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1038628	Third Party Advisory VDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-nxos	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cisco:mds_9000_nx-os:7.3\(1\)d1\(1\):::::::*
	cpe:2.3:a:cisco:nx-os_for_nexus_5500_platform_switches:7.3\(1\)n1\(1\):::::::*
	cpe:2.3:a:cisco:nx-os_for_nexus_5600_platform_switches:7.3\(1\)n1\(1\):::::::*
	cpe:2.3:a:cisco:nx-os_for_nexus_7700_series_switches:8.0\(1\)\(ed\):::::::*
	cpe:2.3:o:cisco:nx-os:8.0\(1\)s2:::::::*
	cpe:2.3:o:cisco:nx-os:8.3\(0\)cv\(0.833\):::::::*

History

16 Dec 2021, 18:48

Type	Values Removed	Values Added
References	~~(SECTRACK) http://www.securitytracker.com/id/1038628 -~~	(SECTRACK) http://www.securitytracker.com/id/1038628 - Third Party Advisory, VDB Entry

03 Dec 2021, 17:15

Type	Values Removed	Values Added
CPE	cpe:2.3:a:cisco:nx-os:8.0\(1\)s2:::::nexus_5000_series:: cpe:2.3:a:cisco:nx-os:8.0\(1\)s2:::::nexus_7000_series:: cpe:2.3:a:cisco:nx-os:8.3\(0\)cv\(0.833\):::::nexus_7000_series::	cpe:2.3:o:cisco:nx-os:8.3\(0\)cv\(0.833\):::::::* cpe:2.3:o:cisco:nx-os:8.0\(1\)s2:::::::*

Information

Published : 2017-06-13 06:29

Updated : 2024-02-04 19:29

NVD link : CVE-2017-6655

Mitre link : CVE-2017-6655

CVE.ORG link : CVE-2017-6655

JSON object : View

Products Affected

cisco

nx-os_for_nexus_7700_series_switches
nx-os_for_nexus_5600_platform_switches
mds_9000_nx-os
nx-os_for_nexus_5500_platform_switches
nx-os

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

6.5 /10

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

3.3 /10

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2017-6655

6.5^/10

3.3^/10

Attach tags to `CVE-2017-6655`