How severe is CVE-2017-3863?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.6 out of 10.

What type of vulnerability is CVE-2017-3863?

This is classified as CWE-119, which is a common weakness in software security.

CVE-2017-3863

HIGH Year: 2017

CVSS v3 Score

8.6

High

CVSS v2 Score

7.8

High

Weakness Type

CWE-119

View all →

Vulnerability Description

Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12.2 and 15.0 through 15.6) and Cisco IOS XE (3.2 through 3.18) could allow an unauthenticated, remote attacker to cause a buffer overflow condition or a reload of an affected device, leading to a denial of service (DoS) condition. These vulnerabilities are due to improper parsing of crafted EnergyWise packets destined to an affected device. An attacker could exploit these vulnerabilities by sending crafted EnergyWise packets to be processed by an affected device. An exploit could allow the attacker to cause a buffer overflow condition or a reload of the affected device, leading to a DoS condition. Cisco IOS Software and Cisco IOS XE Software support EnergyWise for IPv4 communication. Only IPv4 packets destined to a device configured as an EnergyWise domain member can trigger these vulnerabilities. IPv6 packets cannot be used to trigger these vulnerabilities. Cisco Bug ID CSCut50727.

CVE-2015-5259

HIGH

CVSS:8.6(High)

Integer overflow in the read_string function in libsvn_ra_svn/marshal.c in Apache Subversion 1.9.x before 1.9.3 allows remote attackers to execute arbitrary code via an svn:// protocol string, which t...

CWE-1192015

CVE-2016-4330

HIGH

CVSS:8.6(High)

In the HDF5 1.8.16 library's failure to check if the number of dimensions for an array read from the file is within the bounds of the space allocated for it, a heap-based buffer overflow will occur, p...

CWE-1192016

CVE-2016-4333

HIGH

CVSS:8.6(High)

The HDF5 1.8.16 library allocating space for the array using a value from the file has an impact within the loop for initializing said array allowing a value within the file to modify the loop's termi...

CWE-1192016

CVE-2016-5814

HIGH

CVSS:8.6(High)

Buffer overflow in Rockwell Automation RSLogix Micro Starter Lite, RSLogix Micro Developer, RSLogix 500 Starter Edition, RSLogix 500 Standard Edition, and RSLogix 500 Professional Edition allows remot...

CWE-1192016

CVE-2017-12293

HIGH

CVSS:8.6(High)

A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient limitations on the...

CWE-1192017

CVE-2017-2795

HIGH

CVSS:8.6(High)

An exploitable heap corruption vulnerability exists in the Txo functionality of Antenna House DMC HTMLFilter as used by MarkLogic 8.0-6. A specially crafted xls file can cause a heap corruption result...

CWE-1192017

CVE-2017-3863

Vulnerability Description

Related Vulnerabilities

CVE-2015-5259

CVE-2016-4330

CVE-2016-4333

CVE-2016-5814

CVE-2017-12293

CVE-2017-2795