Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveCiscoCVE-2017-6678
HistoryJun 26, 2017 - 7:29 a.m.

CVE-2017-6678

2017-06-2607:29:00
CWE-755
CWE-399
cisco
web.nvd.nist.gov
28
cisco
virtualized
packet core
vpc-di
software
vulnerability
dos
udp
cve-2017-6678
nvd
exploit
ipv4
cisco bug ids
cscvc01665
cscvc35565

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

48.1%

JSON

A vulnerability in the ingress UDP packet processing functionality of Cisco Virtualized Packet Core-Distributed Instance (VPC-DI) Software 19.2 through 21.0 could allow an unauthenticated, remote attacker to cause both control function (CF) instances on an affected system to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient handling of user-supplied data by the affected software. An attacker could exploit this vulnerability by sending crafted UDP packets to the distributed instance (DI) network addresses of both CF instances on an affected system. A successful exploit could allow the attacker to cause an unhandled error condition on the affected system, which would cause the CF instances to reload and consequently cause the entire VPC to reload, resulting in the disconnection of all subscribers and a DoS condition on the affected system. This vulnerability can be exploited via IPv4 traffic only. Cisco Bug IDs: CSCvc01665 CSCvc35565.

Affected configurations

Nvd
Node
ciscovirtualized_packet_coreMatchv19.2_base
OR
ciscovirtualized_packet_coreMatchv19.3_base
OR
ciscovirtualized_packet_coreMatchv20.0_base
OR
ciscovirtualized_packet_coreMatchv20.1_base
OR
ciscovirtualized_packet_coreMatchv20.2_base
OR
ciscovirtualized_packet_coreMatchv21.0_base
VendorProductVersionCPE
ciscovirtualized_packet_corev19.2_basecpe:2.3:a:cisco:virtualized_packet_core:v19.2_base:*:*:*:*:*:*:*
ciscovirtualized_packet_corev19.3_basecpe:2.3:a:cisco:virtualized_packet_core:v19.3_base:*:*:*:*:*:*:*
ciscovirtualized_packet_corev20.0_basecpe:2.3:a:cisco:virtualized_packet_core:v20.0_base:*:*:*:*:*:*:*
ciscovirtualized_packet_corev20.1_basecpe:2.3:a:cisco:virtualized_packet_core:v20.1_base:*:*:*:*:*:*:*
ciscovirtualized_packet_corev20.2_basecpe:2.3:a:cisco:virtualized_packet_core:v20.2_base:*:*:*:*:*:*:*
ciscovirtualized_packet_corev21.0_basecpe:2.3:a:cisco:virtualized_packet_core:v21.0_base:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "Cisco Virtualized Packet Core-Distributed Instance",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Cisco Virtualized Packet Core-Distributed Instance"
      }
    ]
  }
]

Related

cisco 1
cvelist 1
prion 1
nvd 1
cisco
cisco
Cisco Virtualized Packet Core-Distributed Instance Denial of Service Vulnerability
2017-06-21 16:00:00
cvelist
cvelist
CVE-2017-6678
2017-06-26 07:00:00
prion
prion
Race condition
2017-06-26 07:29:00
nvd
nvd
CVE-2017-6678
2017-06-26 07:29:00

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

48.1%

JSON
Related for CVE-2017-6678
cisco1cvelist1prion1nvd1