Date Posted: 2025/08/06

[Vulnerability Alert] High-Risk Security Vulnerabilities (CVE-2017-6736 to CVE-2017-6744) Exist in Cisco IOS and IOS XE Software. Please Verify and Patch as Soon as Possible

Subject: [Vulnerability Alert] High-Risk Security Vulnerabilities (CVE-2017-6736 to CVE-2017-6744) Exist in Cisco IOS and IOS XE Software. Please Verify and Patch as Soon as Possible

Content:
- Forwarded from National Information Security Information Sharing and Analysis Center NISAC-200-202508-00000021
- Researchers have discovered buffer overflow vulnerabilities (CVE-2017-6736 to CVE-2017-6744) in the SNMP function of Cisco IOS and IOS XE Software, which allow remote attackers with the SNMP Community String to exploit these vulnerabilities to execute arbitrary code on the device. This series of vulnerabilities was disclosed in 2017, added to the KEV list in 2022, and recently had its affected products and mitigation measures updated. Please verify and patch as soon as possible.
Affected Platforms:
- All devices using Cisco IOS and IOS XE Software with SNMP function enabled
Recommended Action:
1. The official site has released a fix for the vulnerabilities. Please refer to the official instructions for updating, the URL is as follows: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170629-snmp
  - You can use the Cisco Software Checker (https://sec.cloudapps.cisco.com/security/center/softwarechecker.x ) to confirm if the current version of Cisco IOS and IOS XE Software you are using is affected.
References:

Computer and Communications Center
Network Systems Group