Lucene search

CiscoCVE-2017-6633

HistoryMay 22, 2017 - 1:29 a.m.

CVE-2017-6633

2017-05-2201:29:00

CWE-119

cisco

web.nvd.nist.gov

cisco

ucs

c-series

rack servers

3.0.0.234

tcp

throttling

vulnerability

denial of service

dos

cisco bug id

cscva65544

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.004

Percentile

72.1%

JSON

A vulnerability in the TCP throttling process of Cisco UCS C-Series Rack Servers 3.0(0.234) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient rate-limiting protection. An attacker could exploit this vulnerability by sending a high rate of TCP SYN packets to a specific TCP listening port on an affected device. An exploit could allow the attacker to cause a specific TCP listening port to stop accepting new connections, resulting in a DoS condition. Cisco Bug IDs: CSCva65544.

Affected configurations

Nvd

Node

ciscounified_computing_systemMatch3.0\(0.234\)

AND

ciscoucs_c220_m4_rack_serverMatch-

ciscoucs_c240_m4_rack_serverMatch-

ciscoucs_c3160_rack_serverMatch-

ciscoucs_c460_m4_rack_serverMatch-

VendorProductVersionCPE
ciscounified_computing_system3.0(0.234)cpe:2.3:a:cisco:unified_computing_system:3.0\(0.234\):*:*:*:*:*:*:*
ciscoucs_c220_m4_rack_server-cpe:2.3:h:cisco:ucs_c220_m4_rack_server:-:*:*:*:*:*:*:*
ciscoucs_c240_m4_rack_server-cpe:2.3:h:cisco:ucs_c240_m4_rack_server:-:*:*:*:*:*:*:*
ciscoucs_c3160_rack_server-cpe:2.3:h:cisco:ucs_c3160_rack_server:-:*:*:*:*:*:*:*
ciscoucs_c460_m4_rack_server-cpe:2.3:h:cisco:ucs_c460_m4_rack_server:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	unified_computing_system	3.0(0.234)	cpe:2.3:a:cisco:unified_computing_system:3.0\(0.234\):::::::*
cisco	ucs_c220_m4_rack_server	-	cpe:2.3:h:cisco:ucs_c220_m4_rack_server:-:::::::*
cisco	ucs_c240_m4_rack_server	-	cpe:2.3:h:cisco:ucs_c240_m4_rack_server:-:::::::*
cisco	ucs_c3160_rack_server	-	cpe:2.3:h:cisco:ucs_c3160_rack_server:-:::::::*
cisco	ucs_c460_m4_rack_server	-	cpe:2.3:h:cisco:ucs_c460_m4_rack_server:-:::::::*

CNA Affected

[
  {
    "product": "Cisco UCS C-Series Rack Servers",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Cisco UCS C-Series Rack Servers"
      }
    ]
  }
]

References

www.securityfocus.com/bid/98525

www.securitytracker.com/id/1038513

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-ucsc

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.004

Percentile

72.1%

JSON

Related for CVE-2017-6633