What is CVE-2017-3859?

CVE-2017-3859 is a high-severity vulnerability in Cisco Asr-920-12cz-a, classified under Use of Externally-Controlled Format String. CVSS score: 7.5/10. Published 2017-03-22.

How severe is CVE-2017-3859?

High severity. CVSS v3 base score is 7.5 out of 10.

Vulnerability in Cisco Asr-920-12cz-a

CVE-2017-3859

A vulnerability in the DHCP code for the Zero Touch Provisioning feature of Cisco ASR 920 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due t…

EPSS: 0.003 (57.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

Affected products

Cisco Asr-920-12cz-a
Cisco Asr-920-12cz-d
Cisco Asr-920-12sz-im
Cisco Asr-920-24sz-im
Cisco Asr-920-24sz-m
Cisco Asr-920-24tz-m
Cisco Asr-920-4sz-a
Cisco Asr-920-4sz-d
Cisco Ios_xe — versions 3.13.4s, 3.13.5as, 3.13.5s
N/a Cisco Ios Xe Software For Asr 920 Series Routers — versions Cisco IOS XE Software for Cisco ASR 920 Series Routers

Weakness classification (CWE)

CWE-134 — Use of Externally-Controlled Format String

References

psirt@cisco.com (vdb-entry, x_refsource_SECTRACK)
psirt@cisco.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)
psirt@cisco.com (x_refsource_CONFIRM, Vendor Advisory)

Frequently asked questions

What is CVE-2017-3859?: CVE-2017-3859 is a high-severity vulnerability in Cisco Asr-920-12cz-a, classified under Use of Externally-Controlled Format String. CVSS score: 7.5/10. Published 2017-03-22.
How severe is CVE-2017-3859?: High severity. CVSS v3 base score is 7.5 out of 10.