ID

VAR-201709-1072


CVE

CVE-2017-6631


TITLE

Resource management vulnerabilities in multiple Cisco Yes STB devices

Trust: 0.8

sources: JVNDB: JVNDB-2017-007988

DESCRIPTION

A vulnerability in the HTTP remote procedure call (RPC) service of set-top box (STB) receivers manufactured by Cisco for Yes could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability exists because the firmware of an affected device fails to handle certain XML values that are passed to the HTTP RPC service listening on the local subnet of the device. An attacker could exploit this vulnerability by submitting a malformed request to an affected device. A successful attack could cause the affected device to restart, resulting in a DoS condition. Yes has updated the affected devices with firmware that addresses this vulnerability. Customers are not required to take action. Vulnerable Products: This vulnerability affects YesMaxTotal, YesMax HD, and YesQuattro STB devices. Cisco Bug IDs: CSCvd08812. The vendor has released this vulnerability as Bug ID CSCvd08812. A denial of service (DoS) condition may result. Cisco YesMaxTotal, YesMax HD, and YesQuattro STB are all video signal converter devices from Cisco. The HTTP remote procedure call (RPC) service is one of the remote procedure call services. A denial of service vulnerability exists in the HTTP RPC service for Cisco YesMaxTotal, YesMax HD, and YesQuattro STB devices. Multiple Cisco products are prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition.

Trust: 2.52

sources: NVD: CVE-2017-6631 // JVNDB: JVNDB-2017-007988 // CNVD: CNVD-2017-32520 // BID: 100672 // VULHUB: VHN-114834

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-32520

AFFECTED PRODUCTS

vendor: cisco, model: yesmaxtotal, scope: eq, version: -

Trust: 1.6

vendor: cisco, model: yesquattro, scope: eq, version: -

Trust: 1.6

vendor: cisco, model: yesmax hd, scope: eq, version: -

Trust: 1.6

vendor: cisco, model: yesmaxtotal, scope: eq, version: 0

Trust: 0.9

vendor: cisco, model: yesmax hd, scope: eq, version: 0

Trust: 0.9

vendor: cisco, model: yesquattro stb, scope: eq, version: 0

Trust: 0.9

vendor: cisco, model: yesmax hd, scope: -, version: -

Trust: 0.8

vendor: cisco, model: yesmaxtotal, scope: -, version: -

Trust: 0.8

vendor: cisco, model: yesquattro, scope: -, version: -

Trust: 0.8

sources: CNVD: CNVD-2017-32520 // BID: 100672 // JVNDB: JVNDB-2017-007988 // CNNVD: CNNVD-201709-221 // NVD: CVE-2017-6631

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-6631
value: HIGH

Trust: 1.0

NVD: CVE-2017-6631
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-32520
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201709-221
value: HIGH

Trust: 0.6

VULHUB: VHN-114834
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-6631
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-32520
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-114834
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-6631
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-32520 // VULHUB: VHN-114834 // JVNDB: JVNDB-2017-007988 // CNNVD: CNNVD-201709-221 // NVD: CVE-2017-6631

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.9

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: VULHUB: VHN-114834 // JVNDB: JVNDB-2017-007988 // NVD: CVE-2017-6631

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201709-221

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201709-221

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-007988

PATCH

title: cisco-sa-20170906-stb
url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-stb

Trust: 0.8

title: Patch for CiscoYesMaxTotal, YesMaxHD, and YesQuattroSTB Denial of Service Vulnerabilities
url: https://www.cnvd.org.cn/patchInfo/show/104302

Trust: 0.6

title: Cisco YesMaxTotal, YesMax HD and YesQuattro STB Security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=74576

Trust: 0.6

sources: CNVD: CNVD-2017-32520 // JVNDB: JVNDB-2017-007988 // CNNVD: CNNVD-201709-221

EXTERNAL IDS

db: NVD, id: CVE-2017-6631

Trust: 3.4

db: BID, id: 100672

Trust: 2.6

db: JVNDB, id: JVNDB-2017-007988

Trust: 0.8

db: CNNVD, id: CNNVD-201709-221

Trust: 0.7

db: CNVD, id: CNVD-2017-32520

Trust: 0.6

db: VULHUB, id: VHN-114834

Trust: 0.1

sources: CNVD: CNVD-2017-32520 // VULHUB: VHN-114834 // BID: 100672 // JVNDB: JVNDB-2017-007988 // CNNVD: CNNVD-201709-221 // NVD: CVE-2017-6631

REFERENCES

url:http://www.securityfocus.com/bid/100672

Trust: 2.3

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170906-stb

Trust: 2.0

url:https://nvd.nist.gov/vuln/detail/cve-2017-6631

Trust: 1.4

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6631

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: CNVD: CNVD-2017-32520 // VULHUB: VHN-114834 // BID: 100672 // JVNDB: JVNDB-2017-007988 // CNNVD: CNNVD-201709-221 // NVD: CVE-2017-6631

CREDITS

Cisco

Trust: 0.3

sources: BID: 100672

SOURCES

db: CNVD, id: CNVD-2017-32520
db: VULHUB, id: VHN-114834
db: BID, id: 100672
db: JVNDB, id: JVNDB-2017-007988
db: CNNVD, id: CNNVD-201709-221
db: NVD, id: CVE-2017-6631

LAST UPDATE DATE

2025-04-20T23:35:45.969000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2017-32520, date: 2017-11-02T00:00:00
db: VULHUB, id: VHN-114834, date: 2019-10-09T00:00:00
db: BID, id: 100672, date: 2017-09-06T00:00:00
db: JVNDB, id: JVNDB-2017-007988, date: 2017-10-05T00:00:00
db: CNNVD, id: CNNVD-201709-221, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2017-6631, date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2017-32520, date: 2017-11-02T00:00:00
db: VULHUB, id: VHN-114834, date: 2017-09-07T00:00:00
db: BID, id: 100672, date: 2017-09-06T00:00:00
db: JVNDB, id: JVNDB-2017-007988, date: 2017-10-05T00:00:00
db: CNNVD, id: CNNVD-201709-221, date: 2017-09-12T00:00:00
db: NVD, id: CVE-2017-6631, date: 2017-09-07T21:29:00.693