CVE-2017-6631 — HIGH (7.5) — White Hats Nepal

Vulnerability Description

A vulnerability in the HTTP remote procedure call (RPC) service of set-top box (STB) receivers manufactured by Cisco for Yes could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability exists because the firmware of an affected device fails to handle certain XML values that are passed to the HTTP RPC service listening on the local subnet of the device. An attacker could exploit this vulnerability by submitting a malformed request to an affected device. A successful attack could cause the affected device to restart, resulting in a DoS condition. Yes has updated the affected devices with firmware that addresses this vulnerability. Customers are not required to take action. Vulnerable Products: This vulnerability affects YesMaxTotal, YesMax HD, and YesQuattro STB devices. Cisco Bug IDs: CSCvd08812.

CVSS Score

7.5

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Cisco	Yesmax Hd Firmware	-
Cisco	Yesmax Hd	-
Cisco	Yesmaxtotal Firmware	-
Cisco	Yesmaxtotal	-
Cisco	Yesquattro Firmware	-
Cisco	Yesquattro	-

Related Weaknesses (CWE)

CWE-399

References

http://www.securityfocus.com/bid/100672Third Party AdvisoryVDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
http://www.securityfocus.com/bid/100672Third Party AdvisoryVDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory

FAQ

What is CVE-2017-6631?

CVE-2017-6631 is a vulnerability with a CVSS score of 7.5 (HIGH). A vulnerability in the HTTP remote procedure call (RPC) service of set-top box (STB) receivers manufactured by Cisco for Yes could allow an unauthenticated, remote attacker to cause a denial of servic...

How severe is CVE-2017-6631?

CVE-2017-6631 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-6631?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Yesmax Hd Firmware, Cisco Yesmax Hd, Cisco Yesmaxtotal Firmware, Cisco Yesmaxtotal, Cisco Yesquattro Firmware.