Search
On this page ▾
CVE-2017-6737 — Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability

CVE-2017-6737

Cisco IOS and IOS XE — SNMP Subsystem Buffer Overflow (Variant 2) Enables Authenticated RCE or Device Reload; Part of cisco-sa-20170629-snmp; HIGH 8.8
⚠️ CVSS 3.1  8.8 / 10 — HIGH 🔴 CISA Known Exploited Vulnerability

What Is Cisco IOS SNMP?

CVE-2017-6737 is one of multiple distinct buffer overflow vulnerabilities in the Cisco IOS and IOS XE SNMP subsystem disclosed in June 2017 advisory cisco-sa-20170629-snmp. Each CVE in this advisory (6736–6744) represents a separate OID-specific buffer overflow in the SNMP implementation. All affect devices with SNMP enabled and require SNMP authentication (community string or v3 credentials).

Overview

Actively Exploited. This vulnerability has been added to CISA's Known Exploited Vulnerabilities (KEV) Catalog on March 3, 2022. Federal agencies are required to apply mitigations per BOD 22-01.

CVE-2017-6737 is a buffer overflow in a specific SNMP OID handler in Cisco IOS and IOS XE. An attacker with valid SNMP credentials can send a crafted SNMP packet referencing the vulnerable OID to execute code on the device or cause it to reload. All CVEs in advisory cisco-sa-20170629-snmp (6736–6744) are addressed by the same IOS software update. See CVE-2017-6736 for full context on this advisory and the SNMP exploitation context.

Affected Versions

Cisco IOS and IOS XE with SNMP enabled. Use cisco-sa-20170629-snmp and the Cisco IOS Software Checker for specific version identification.

Technical Details

CVE-2017-6737 is a buffer overflow (CWE-119) in the handler for a specific SNMP OID in the Cisco IOS SNMP subsystem. Exploitation requires a valid SNMP community string (SNMPv1/v2c) or SNMPv3 user credentials. A crafted SNMP packet targeting the vulnerable OID triggers the overflow, potentially enabling code execution or device reload.

Attribute Detail
Attack Vector Network — SNMP (UDP port 161)
Authentication SNMP credentials required (PR:L)
Advisory cisco-sa-20170629-snmp (shared with CVE-2017-6736, 6738–6744)

Remediation

CISA BOD 22-01 Deadline: March 24, 2022. Apply updates per vendor instructions.

Apply Cisco IOS security update per cisco-sa-20170629-snmp — this advisory addresses all SNMP buffer overflow CVEs (6736–6744) in a single patch. Additionally:

  1. Disable SNMP if not required (no snmp-server)
  2. Use SNMPv3 with authpriv security level to replace community strings
  3. Apply SNMP ACLs restricting access to trusted management hosts
  4. Change all default SNMP community strings ("public", "private")

Key Details

PropertyValue
CVE ID CVE-2017-6737
Vendor / Product Cisco — IOS and IOS XE Software
NVD Published2017-07-17
NVD Last Modified2025-10-22
CVSS 3.1 Score8.8
CVSS 3.1 VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
SeverityHIGH
CWE CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer find similar ↗
CISA KEV Added2022-03-03
CISA KEV Deadline2022-03-24
Known Ransomware Use No

CVSS 3.1 Breakdown

Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Required Action

CISA BOD 22-01 Deadline: 2022-03-24. Apply updates per vendor instructions.

Timeline

DateEvent
2017-06-29Cisco releases advisory cisco-sa-20170629-snmp covering multiple SNMP RCE vulnerabilities including CVE-2017-6737
2017-07-17CVE-2017-6737 published by NVD
2022-03-03Added to CISA Known Exploited Vulnerabilities catalog
2022-03-24CISA BOD 22-01 remediation deadline

References

ResourceType
NVD — CVE-2017-6737 Vulnerability Database
CISA KEV Catalog Entry US Government
Cisco Security Advisory cisco-sa-20170629-snmp Vendor Advisory

Last updated: 2026-05-25

Suggest an update ↗

Gavin Hollinger & AI assembled this air-gap friendly HTML