CVE-2017-6738 — Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability

CVE-2017-6738

Cisco IOS and IOS XE — SNMP Subsystem Buffer Overflow (Variant 3) Enables Authenticated RCE or Device Reload; Part of cisco-sa-20170629-snmp; HIGH 8.8

What Is Cisco IOS SNMP?

CVE-2017-6738 is one of multiple distinct buffer overflow vulnerabilities in the Cisco IOS and IOS XE SNMP subsystem disclosed in the June 2017 advisory cisco-sa-20170629-snmp. Each CVE in this advisory (6736–6744) represents a separate OID-specific buffer overflow. All require SNMP authentication and are addressed by the same IOS software update.

Overview

Actively Exploited. This vulnerability was added to CISA's Known Exploited Vulnerabilities (KEV) Catalog on March 3, 2022. Federal agencies are required to apply mitigations per BOD 22-01.

CVE-2017-6738 is a buffer overflow in a specific SNMP OID handler in Cisco IOS and IOS XE. An attacker with valid SNMP credentials can send a crafted SNMP packet to execute code on the device or cause it to reload. All CVEs in advisory cisco-sa-20170629-snmp (6736–6744) are addressed by the same IOS software update. See CVE-2017-6736 for full context on this advisory.

Affected Versions

Cisco IOS and IOS XE with SNMP enabled. Use cisco-sa-20170629-snmp and the Cisco IOS Software Checker for specific version identification.

Technical Details

CVE-2017-6738 is a buffer overflow (CWE-119) in the handler for a specific SNMP OID. Exploitation requires valid SNMP credentials. A crafted SNMP packet triggers the overflow, enabling code execution or a device reload.

| Attribute | Detail |
|---|---|
| Attack Vector | Network — SNMP (UDP port 161) |
| Authentication | SNMP credentials required (PR:L) |
| Advisory | cisco-sa-20170629-snmp (shared with CVE-2017-6736, 6737, 6739–6744) |

Remediation

CISA BOD 22-01 Deadline: March 24, 2022. Apply updates per vendor instructions.

Apply the Cisco IOS security update per cisco-sa-20170629-snmp. Additionally: disable SNMP if not required, use SNMPv3 with authPriv, apply SNMP ACLs, and change default community strings. See CVE-2017-6736 for detailed remediation steps.
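
The configuration-level mitigations listed above can be checked offline against a saved running-config. The Python script below is an added example, not code from Cisco or from this page's source. The sample configuration, function names and finding labels are constructed for illustration, and it assumes the standard `snmp-server community` and `snmp-server group` command forms.

```python
import re

# Constructed running-config excerpt for illustration (not from a real device).
SAMPLE_CONFIG = """\
hostname edge-rtr-01
snmp-server community public RO
snmp-server community N3tM0n-ro view SYSONLY RO 10
snmp-server community ops-write RW
snmp-server group MONITOR v3 auth
snmp-server group SECURE v3 priv access 10
snmp-server group LEGACY v2c access 10
access-list 10 permit 192.0.2.0 0.0.0.255
"""

DEFAULT_COMMUNITIES = {"public", "private"}
COMMUNITY_RE = re.compile(r"^snmp-server community (\S+)(.*)$")
GROUP_RE = re.compile(r"^snmp-server group \S+ (v1|v2c|v3)(?: (noauth|auth|priv))?(.*)$")

def community_acl(tokens):
    """Return ACL tokens on a community line, skipping 'view <name>' and RO/RW."""
    acl, i = [], 0
    while i < len(tokens):
        if tokens[i].lower() == "view":
            i += 2  # skip the keyword and the view name
            continue
        if tokens[i].lower() not in ("ro", "rw"):
            acl.append(tokens[i])
        i += 1
    return acl

def audit_snmp(config):
    """Return (line_number, finding) pairs, in config order, for SNMP lines missing a mitigation."""
    findings = []
    for n, raw in enumerate(config.splitlines(), start=1):
        line = raw.strip()
        if (m := COMMUNITY_RE.match(line)):
            if m.group(1).lower() in DEFAULT_COMMUNITIES:
                findings.append((n, "default-community"))
            if not community_acl(m.group(2).split()):
                findings.append((n, "no-acl"))
        elif (m := GROUP_RE.match(line)):
            version, level, rest = m.groups()
            if version != "v3":
                findings.append((n, "not-snmpv3"))
            elif level != "priv":
                findings.append((n, "v3-not-authpriv"))
            if "access" not in rest.split():
                findings.append((n, "no-acl"))
    return findings

if __name__ == "__main__":
    for n, finding in audit_snmp(SAMPLE_CONFIG):
        print(f"line {n}: {finding}")
```

The script only checks that an ACL is referenced on each SNMP line; it does not verify that the referenced ACL exists or is suitably restrictive, and a clean result does not replace applying the fixed software release.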

Key Details

| Property | Value |
|---|---|
| CVE ID | CVE-2017-6738 |
| Vendor / Product | Cisco — IOS and IOS XE Software |
| NVD Published | 2017-07-17 |
| NVD Last Modified | 2025-10-22 |
| CVSS 3.1 Score | 8.8 |
| CVSS 3.1 Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Severity | HIGH |
| CWE | CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer |
| CISA KEV Added | 2022-03-03 |
| CISA KEV Deadline | 2022-03-24 |
| Known Ransomware Use | No |

CVSS 3.1 Breakdown

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Required Action

CISA BOD 22-01 Deadline: 2022-03-24. Apply updates per vendor instructions.

Timeline

| Date | Event |
|---|---|
| 2017-06-29 | Cisco releases advisory cisco-sa-20170629-snmp covering multiple SNMP RCE vulnerabilities including CVE-2017-6738 |
| 2017-07-17 | CVE-2017-6738 published by NVD |
| 2022-03-03 | Added to CISA Known Exploited Vulnerabilities catalog |
| 2022-03-24 | CISA BOD 22-01 remediation deadline |

References

| Resource | Type |
|---|---|
| NVD — CVE-2017-6738 | Vulnerability Database |
| CISA KEV Catalog Entry | US Government |
| Cisco Security Advisory cisco-sa-20170629-snmp | Vendor Advisory |