When processing authentication attempts for control-plane users, mcpd leaks a small amount of memory. Under rare conditions, attackers with access to the management interface can eventually deplete memory on the system. (CVE-2019-6647)
Impact
Repeated failed authentication attempts progressively increase memory usage, potentially leading to a fail-over event when memory is exhausted. The rate of memory use increase is small, but an attack at scale may trigger low-memory conditions eventually depleting memory and affecting the operation of the Traffic Management Microkernel (TMM) and other components.