Security restrictions bypass in Cisco IOS - CVE-2017-6770

Vulnerability identifier: #VU7645

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2017-6770

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Cisco Systems, Inc

Affected software:
Cisco IOS

The vulnerability allows a remote attacker to bypass security restrictions.

The weakness exists in the Open Shortest Path First (OSPF) Routing Protocol Link State Advertisement (LSA) database due to improper input validation. A remote attacker can send specially crafted unicast or multicast OSPF LSA type 1 packets and take full control of the OSPF Autonomous System (AS) domain routing table, allowing the attacker to intercept or black-hole traffic.

The vulnerability is addressed in the following versions:
16.6(0.125), 16.5(1.11), 16.3.4, 16.3(3.26), 15.7(2.0i)M, 15.6(3)M3, 15.6(3)M2.3, 15.6(1.16)SP2, 15.6(1)S3.29, 15.5(3)S6a, 15.5(3)S5.10, 15.5(3)M6, 15.5(1)IA1.306, 15.4(3)S8, 15.4(3)S7.2, 15.4(3)M8, 15.4(1.2.56)SY1, 15.4(1)SY2, 15.4(1)OF1.15, 15.4(1)IC1.101, 15.3(3)S9.22, 15.3(3)M10, 15.2(6.3.30i)E, 15.2(6.1.92i)E, 15.2(2)SY3, 15.2(2)E7, 15.2(1.2.57)SY2, 15.2(1.1)ST3, 15.2(1)SY4.38.

• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170727-ospf