Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2017-3853

EPSS 1.73% · P83
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2017-3853

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability in the Data-in-Motion (DMo) process installed with the Cisco IOx application environment could allow an unauthenticated, remote attacker to cause a stack overflow that could allow remote code execution with root privileges in the virtual instance running on an affected device. The vulnerability is due to insufficient bounds checking in the DMo process. An attacker could exploit this vulnerability by sending crafted packets that are forwarded to the DMo process for evaluation. The impacts of a successful exploit are limited to the scope of the virtual instance and do not impact the router that is hosting Cisco IOx. This vulnerability affects the following Cisco 800 Series Industrial Integrated Services Routers: Cisco IR809 and Cisco IR829. Cisco IOx Releases 1.0.0.0 and 1.1.0.0 are vulnerable. Cisco Bug IDs: CSCuy52330.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
内存缓冲区边界内操作的限制不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
Cisco IOx Data-in-Motion 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Cisco IOx是美国思科(Cisco)公司的一套为思科物联网网络基础设施(Cisco路由器、交换机等)提供统一托管功能的应用程序。Data-in-Motion(DMo)是其中的一个实时数据交互进程。 与Cisco IOx 1.0.0.0和1.1.0.0版本应用程序环境安装的DMo进程存在安全漏洞。远程攻击者可利用该漏洞以root权限执行任意代码。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-Cisco IOx Cisco IOx -

II. Public POCs for CVE-2017-3853

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2017-3853

登录查看更多情报信息。

Same Patch Batch · n/a · 2017-03-22 · 29 CVEs total

CVE-2017-7226GNU Binutils 缓冲区错误漏洞
CVE-2017-7222MantisBT 跨站脚本漏洞
CVE-2017-5874D-Link DIR-600M Rev. Cx 跨站请求伪造漏洞
CVE-2017-6971AlienVault USM、OSSIM和NfSen 安全漏洞
CVE-2017-6970AlienVault USM、OSSIM和NfSen 安全漏洞
CVE-2014-9840ImageMagick 安全漏洞
CVE-2014-9839ImageMagick 安全漏洞
CVE-2014-9838ImageMagick 安全漏洞
CVE-2014-9836ImageMagick 安全漏洞
CVE-2014-9835ImageMagick 缓冲区错误漏洞
CVE-2014-9834ImageMagick 缓冲区错误漏洞
CVE-2014-9833ImageMagick 缓冲区错误漏洞
CVE-2014-9832ImageMagick 缓冲区错误漏洞
CVE-2017-7227GNU Binutils 缓冲区错误漏洞
CVE-2017-6972AlienVault USM、OSSIM和NfSen 安全漏洞
CVE-2017-7225GNU Binutils 安全漏洞
CVE-2017-7224GNU Binutils 安全漏洞
CVE-2017-7223GNU Binutils 安全漏洞
CVE-2017-5673Joomla! Kunena组件跨站脚本漏洞
CVE-2017-7231pngdefry 缓冲区错误漏洞

Showing top 20 of 29 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: Cisco IOx
Same vendor: n/a
Same weakness: CWE-119

V. Comments for CVE-2017-3853

No comments yet

Leave a comment