Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2017-3881
PUBLISHED
More InfoOfficial Page
Assigner-cisco
Assigner Org ID-d1c1063e-7a18-46af-9102-31f8928bc633
View Known Exploited Vulnerability (KEV) details
Published At-17 Mar, 2017 | 22:00
Updated At-12 Jan, 2026 | 20:45
Rejected At-
▼CVE Numbering Authority (CNA)

A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges. The Cluster Management Protocol utilizes Telnet internally as a signaling and command protocol between cluster members. The vulnerability is due to the combination of two factors: (1) the failure to restrict the use of CMP-specific Telnet options only to internal, local communications between cluster members and instead accept and process such options over any Telnet connection to an affected device; and (2) the incorrect processing of malformed CMP-specific Telnet options. An attacker could exploit this vulnerability by sending malformed CMP-specific Telnet options while establishing a Telnet session with an affected Cisco device configured to accept Telnet connections. An exploit could allow an attacker to execute arbitrary code and obtain full control of the device or cause a reload of the affected device. This affects Catalyst switches, Embedded Service 2020 switches, Enhanced Layer 2 EtherSwitch Service Module, Enhanced Layer 2/3 EtherSwitch Service Module, Gigabit Ethernet Switch Module (CGESM) for HP, IE Industrial Ethernet switches, ME 4924-10GE switch, RF Gateway 10, and SM-X Layer 2/3 EtherSwitch Service Module. Cisco Bug IDs: CSCvd48893.

Affected Products
Vendor
n/a
Product
Cisco IOS and IOS XE Software
Versions
Affected
  • Cisco IOS and IOS XE Software
Problem Types
TypeCWE IDDescription
textN/ARemote Code Execution Vulnerability
Type: text
CWE ID: N/A
Description: Remote Code Execution Vulnerability
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.exploit-db.com/exploits/41872/
exploit
x_refsource_EXPLOIT-DB
https://www.exploit-db.com/exploits/41874/
exploit
x_refsource_EXPLOIT-DB
http://www.securityfocus.com/bid/97391
vdb-entry
x_refsource_BID
http://www.securityfocus.com/bid/96960
vdb-entry
x_refsource_BID
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170317-cmp
x_refsource_CONFIRM
http://www.securitytracker.com/id/1038059
vdb-entry
x_refsource_SECTRACK
Hyperlink: https://www.exploit-db.com/exploits/41872/
Resource:
exploit
x_refsource_EXPLOIT-DB
Hyperlink: https://www.exploit-db.com/exploits/41874/
Resource:
exploit
x_refsource_EXPLOIT-DB
Hyperlink: http://www.securityfocus.com/bid/97391
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www.securityfocus.com/bid/96960
Resource:
vdb-entry
x_refsource_BID
Hyperlink: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170317-cmp
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.securitytracker.com/id/1038059
Resource:
vdb-entry
x_refsource_SECTRACK
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.exploit-db.com/exploits/41872/
exploit
x_refsource_EXPLOIT-DB
x_transferred
https://www.exploit-db.com/exploits/41874/
exploit
x_refsource_EXPLOIT-DB
x_transferred
http://www.securityfocus.com/bid/97391
vdb-entry
x_refsource_BID
x_transferred
http://www.securityfocus.com/bid/96960
vdb-entry
x_refsource_BID
x_transferred
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170317-cmp
x_refsource_CONFIRM
x_transferred
http://www.securitytracker.com/id/1038059
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: https://www.exploit-db.com/exploits/41872/
Resource:
exploit
x_refsource_EXPLOIT-DB
x_transferred
Hyperlink: https://www.exploit-db.com/exploits/41874/
Resource:
exploit
x_refsource_EXPLOIT-DB
x_transferred
Hyperlink: http://www.securityfocus.com/bid/97391
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.securityfocus.com/bid/96960
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170317-cmp
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securitytracker.com/id/1038059
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-20CWE-20 Improper Input Validation
Type: CWE
CWE ID: CWE-20
Description: CWE-20 Improper Input Validation
Metrics
VersionBase scoreBase severityVector
3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
kev
dateAdded:
2022-03-25
reference:
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-3881
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-3881
government-resource
Hyperlink: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-3881
Resource:
government-resource
Details not found