CVE-2017-6606

Severity: Unknown | EPSS: 0.50%

CVE-2017-6606 is a vulnerability of currently unknown severity. A vulnerability in a startup script of Cisco IOS XE Software could allow an unauthenticated attacker with physical access to the targeted system to execute arbitrary commands on the underlying operating system with the privileges of the root user. More Information: CSCuz06639 CSCuz42122. EPSS estimates a 0.50% chance of exploitation in the next 30 days.

Description

A vulnerability in a startup script of Cisco IOS XE Software could allow an unauthenticated attacker with physical access to the targeted system to execute arbitrary commands on the underlying operating system with the privileges of the root user. More Information: CSCuz06639 CSCuz42122. Known Affected Releases: 15.6(1.1)S 16.1.2 16.2.0 15.2(1)E. Known Fixed Releases: Denali-16.1.3 16.2(1.8) 16.1(2.61) 15.6(2)SP 15.6(2)S1 15.6(1)S2 15.5(3)S3a 15.5(3)S3 15.5(2)S4 15.5(1)S4 15.4(3)S6a 15.4(3)S6 15.3(3)S8a 15.3(3)S8 15.2(5)E 15.2(4)E3 15.2(3)E5 15.0(2)SQD3 15.0(1.9.2)SQD3 3.9(0)E.

Metrics

EPSS Probability
0.50%

39.0th percentile

Probability of exploitation in the next 30 days.

Weakness Enumeration

Affected Software

Vendor | Product | Version
Cisco | IOS XE | 3.1.0s
Cisco | IOS XE | 3.1.0sg
Cisco | IOS XE | 3.1.1s
Cisco | IOS XE | 3.1.1sg
Cisco | IOS XE | 3.1.2s
Cisco | IOS XE | 3.1.3s
Cisco | IOS XE | 3.1.4as
Cisco | IOS XE | 3.1.4s
Cisco | IOS XE | 3.2.0se
Cisco | IOS XE | 3.2.0sg
Cisco | IOS XE | 3.2.0xo
Cisco | IOS XE | 3.2.1s
Cisco | IOS XE | 3.2.1se
Cisco | IOS XE | 3.2.1sg
Cisco | IOS XE | 3.2.1xo
Cisco | IOS XE | 3.2.2s
Cisco | IOS XE | 3.2.2se
Cisco | IOS XE | 3.2.2sg
Cisco | IOS XE | 3.2.3se
Cisco | IOS XE | 3.2.3sg
Cisco | IOS XE | 3.2.4sg
Cisco | IOS XE | 3.2.5sg
Cisco | IOS XE | 3.2.6sg
Cisco | IOS XE | 3.2.7sg
Cisco | IOS XE | 3.2.8sg
Cisco | IOS XE | 3.2.9sg
Cisco | IOS XE | 3.2.10sg
Cisco | IOS XE | 3.2.11sg
Cisco | IOS XE | 3.3.0s
Cisco | IOS XE | 3.3.0se
Cisco | IOS XE | 3.3.0sg
Cisco | IOS XE | 3.3.0sq
Cisco | IOS XE | 3.3.0xo
Cisco | IOS XE | 3.3.1s
Cisco | IOS XE | 3.3.1se
Cisco | IOS XE | 3.3.1sg
Cisco | IOS XE | 3.3.1sq
Cisco | IOS XE | 3.3.1xo
Cisco | IOS XE | 3.3.2s
Cisco | IOS XE | 3.3.2se
Cisco | IOS XE | 3.3.2sg
Cisco | IOS XE | 3.3.2xo
Cisco | IOS XE | 3.3.3se
Cisco | IOS XE | 3.3.4se
Cisco | IOS XE | 3.3.5se
Cisco | IOS XE | 3.4.0as
Cisco | IOS XE | 3.4.0s
Cisco | IOS XE | 3.4.0sg
Cisco | IOS XE | 3.4.0sq
Cisco | IOS XE | 3.4.1s

Showing 50 of 164 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status: Modified

Frequently Asked Questions

What is CVE-2017-6606?
A vulnerability in a startup script of Cisco IOS XE Software could allow an unauthenticated attacker with physical access to the targeted system to execute arbitrary commands on the underlying operating system with the privileges of the root user. More Information: CSCuz06639 CSCuz42122. Known Affected Releases: 15.6(1.1)S 16.1.2 16.2.0 15.2(1)E. Known Fixed Releases: Denali-16.1.3 16.2(1.8) 16.1(2.61) 15.6(2)SP 15.6(2)S1 15.6(1)S2 15.5(3)S3a 15.5(3)S3 15.5(2)S4 15.5(1)S4 15.4(3)S6a 15.4(3)S6 15.3(3)S8a 15.3(3)S8 15.2(5)E 15.2(4)E3 15.2(3)E5 15.0(2)SQD3 15.0(1.9.2)SQD3 3.9(0)E.
How severe is CVE-2017-6606?
Severity scoring for CVE-2017-6606 is pending analysis. The EPSS model estimates a 0.50% probability of exploitation in the next 30 days.
How do I fix CVE-2017-6606?
Check the vendor references and advisories linked above for patched versions and mitigation guidance.

Source: NVD / NIST