CVE-2017-6720 — MEDIUM (6.5)

Q: How severe is CVE-2017-6720?

CVE-2017-6720 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2017-6720?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Sf302-08Pp Firmware, Cisco Sf302-08Pp, Cisco Sf302-08Mpp Firmware, Cisco Sf302-08Mpp, Cisco Sg300-10Pp Firmware.

Vulnerability Description

A vulnerability in the Secure Shell (SSH) subsystem of Cisco Small Business Managed Switches software could allow an authenticated, remote attacker to cause a reload of the affected switch, resulting in a denial of service (DoS) condition. The vulnerability is due to improper processing of SSH connections. An attacker could exploit this vulnerability by logging in to an affected switch via SSH and sending a malicious SSH message. This vulnerability affects the following Cisco products when SSH is enabled: Small Business 300 Series Managed Switches, Small Business 500 Series Stackable Managed Switches, 350 Series Managed Switches, 350X Series Stackable Managed Switches, 550X Series Stackable Managed Switches, ESW2 Series Advanced Switches. Cisco Bug IDs: CSCvb48377.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Cisco	Sf302-08Pp Firmware	< 1.4.8.06
Cisco	Sf302-08Pp	-
Cisco	Sf302-08Mpp Firmware	< 1.4.8.06
Cisco	Sf302-08Mpp	-
Cisco	Sg300-10Pp Firmware	< 1.4.8.06
Cisco	Sg300-10Pp	-
Cisco	Sg300-10Mpp Firmware	< 1.4.8.06
Cisco	Sg300-10Mpp	-
Cisco	Sf300-24Pp Firmware	< 1.4.8.06
Cisco	Sf300-24Pp	-
Cisco	Sf300-48Pp Firmware	< 1.4.8.06
Cisco	Sf300-48Pp	-
Cisco	Sg300-28Pp Firmware	< 1.4.8.06
Cisco	Sg300-28Pp	-
Cisco	Sf300-08 Firmware	< 1.4.8.06
Cisco	Sf300-08	-
Cisco	Sf300-48P Firmware	< 1.4.8.06
Cisco	Sf300-48P	-
Cisco	Sg300-10Mp Firmware	< 1.4.8.06
Cisco	Sg300-10Mp	-

Related Weaknesses (CWE)

CWE-119

References

http://www.securityfocus.com/bid/100933Third Party AdvisoryVDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
http://www.securityfocus.com/bid/100933Third Party AdvisoryVDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory

FAQ

What is CVE-2017-6720?

CVE-2017-6720 is a vulnerability with a CVSS score of 6.5 (MEDIUM). A vulnerability in the Secure Shell (SSH) subsystem of Cisco Small Business Managed Switches software could allow an authenticated, remote attacker to cause a reload of the affected switch, resulting ...

How severe is CVE-2017-6720?

CVE-2017-6720 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-6720?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Sf302-08Pp Firmware, Cisco Sf302-08Pp, Cisco Sf302-08Mpp Firmware, Cisco Sf302-08Mpp, Cisco Sg300-10Pp Firmware.