CVE-2017-6740 — Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability

What Is Cisco IOS SNMP?

CVE-2017-6740 is one of multiple distinct buffer overflow vulnerabilities in the Cisco IOS and IOS XE SNMP subsystem disclosed in June 2017 advisory cisco-sa-20170629-snmp. Each CVE represents a separate OID-specific buffer overflow. All require SNMP authentication and are addressed by the same IOS software update.

Overview

Actively Exploited. This vulnerability has been added to CISA's Known Exploited Vulnerabilities (KEV) Catalog on March 3, 2022. Federal agencies are required to apply mitigations per BOD 22-01.

CVE-2017-6740 is a buffer overflow in a specific SNMP OID handler in Cisco IOS and IOS XE that can allow code execution or device reload. An attacker with valid SNMP credentials can send a crafted SNMP packet referencing the vulnerable OID. All CVEs in advisory cisco-sa-20170629-snmp are addressed by the same IOS software update. See CVE-2017-6736 for full context.

Affected Versions

Cisco IOS and IOS XE with SNMP enabled. Use cisco-sa-20170629-snmp and the Cisco IOS Software Checker for specific version identification.

Technical Details

CVE-2017-6740 is a buffer overflow (CWE-119) in a specific SNMP OID handler. A crafted SNMP packet from an authenticated attacker triggers code execution or device reload.

Attribute	Detail
Attack Vector	Network — SNMP (UDP port 161)
Authentication	SNMP credentials required (PR:L)
Advisory	cisco-sa-20170629-snmp (shared with CVE-2017-6736 through 6744)

Remediation

CISA BOD 22-01 Deadline: March 24, 2022. Apply updates per vendor instructions.

Apply Cisco IOS security update per cisco-sa-20170629-snmp. Additionally: disable SNMP if not required, use SNMPv3 with authpriv, apply SNMP ACLs, and change default community strings. See CVE-2017-6736 for detailed remediation steps.

Key Details

Property	Value
CVE ID	CVE-2017-6740
Vendor / Product	Cisco — IOS and IOS XE Software
NVD Published	2017-07-17
NVD Last Modified	2025-10-22
CVSS 3.1 Score	8.8
CVSS 3.1 Vector	`CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H`
Severity	HIGH
CWE	CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer find similar ↗
CISA KEV Added	2022-03-03
CISA KEV Deadline	2022-03-24
Known Ransomware Use	No

Property

Value

CVE ID

CVE-2017-6740

Vendor / Product

Cisco — IOS and IOS XE Software

NVD Published

2017-07-17

NVD Last Modified

2025-10-22

CVSS 3.1 Score

8.8

CVSS 3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity

HIGH

CWE

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer find similar ↗

CISA KEV Added

2022-03-03

CISA KEV Deadline

2022-03-24

Known Ransomware Use

CVSS 3.1 Breakdown

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Timeline

Date	Event
2017-06-29	Cisco releases advisory cisco-sa-20170629-snmp covering multiple SNMP RCE vulnerabilities including CVE-2017-6740
2017-07-17	CVE-2017-6740 published by NVD
2022-03-03	Added to CISA Known Exploited Vulnerabilities catalog
2022-03-24	CISA BOD 22-01 remediation deadline

Date

Event

2017-06-29

Cisco releases advisory cisco-sa-20170629-snmp covering multiple SNMP RCE vulnerabilities including CVE-2017-6740

2017-07-17

CVE-2017-6740 published by NVD

2022-03-03

Added to CISA Known Exploited Vulnerabilities catalog

2022-03-24

CISA BOD 22-01 remediation deadline

References

Resource	Type
NVD — CVE-2017-6740	Vulnerability Database
CISA KEV Catalog Entry	US Government
Cisco Security Advisory cisco-sa-20170629-snmp	Vendor Advisory

Resource

Type

NVD — CVE-2017-6740

Vulnerability Database

CISA KEV Catalog Entry

US Government

Cisco Security Advisory cisco-sa-20170629-snmp

Vendor Advisory