CVE-2017-6627

Warning

EPSS 10.89%
Published 07.09.2017 21:29:00
Last modified 20.04.2025 01:37:25
Source psirt@cisco.com
Teams watchlist Login
Open Login

A vulnerability in the UDP processing code of Cisco IOS 15.1, 15.2, and 15.4 and IOS XE 3.14 through 3.18 could allow an unauthenticated, remote attacker to cause the input queue of an affected system to hold UDP packets, causing an interface queue wedge and a denial of service (DoS) condition. The vulnerability is due to Cisco IOS Software application changes that create UDP sockets and leave the sockets idle without closing them. An attacker could exploit this vulnerability by sending UDP packets with a destination port of 0 to an affected device. A successful exploit could allow the attacker to cause UDP packets to be held in the input interfaces queue, resulting in a DoS condition. The input interface queue will stop holding UDP packets when it receives 250 packets. Cisco Bug IDs: CSCup10024, CSCva55744, CSCva95506.

Affected products Warnungen 1 Metrics 4 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Cisco ≫ Ios Xe Version3.14.0s

Cisco ≫ Ios Xe Version3.14.1s

Cisco ≫ Ios Xe Version3.14.2s

Cisco ≫ Ios Xe Version3.14.3s

Cisco ≫ Ios Xe Version3.14.4s

Cisco ≫ Ios Xe Version3.15.0s

Cisco ≫ Ios Xe Version3.15.1cs

Cisco ≫ Ios Xe Version3.15.1s

Cisco ≫ Ios Xe Version3.15.2s

Cisco ≫ Ios Xe Version3.15.3s

Cisco ≫ Ios Xe Version3.15.4s

Cisco ≫ Ios Xe Version3.16.0cs

Cisco ≫ Ios Xe Version3.16.0s

Cisco ≫ Ios Xe Version3.16.1as

Cisco ≫ Ios Xe Version3.16.1s

Cisco ≫ Ios Xe Version3.16.2as

Cisco ≫ Ios Xe Version3.16.2bs

Cisco ≫ Ios Xe Version3.16.2s

Cisco ≫ Ios Xe Version3.16.3as

Cisco ≫ Ios Xe Version3.16.3s

Cisco ≫ Ios Xe Version3.16.4as

Cisco ≫ Ios Xe Version3.16.4bs

Cisco ≫ Ios Xe Version3.16.4ds

Cisco ≫ Ios Xe Version3.16.4s

Cisco ≫ Ios Xe Version3.16.5s

Cisco ≫ Ios Xe Version3.16.6s

Cisco ≫ Ios Xe Version3.17.0s

Cisco ≫ Ios Xe Version3.17.1as

Cisco ≫ Ios Xe Version3.17.1s

Cisco ≫ Ios Xe Version3.17.3s

Cisco ≫ Ios Xe Version3.18.0as

Cisco ≫ Ios Xe Version3.18.0s

Cisco ≫ Ios Xe Version3.18.1s

Cisco ≫ Ios Xe Version3.18.2s

Cisco ≫ Ios Xe Version3.18.3s

Cisco ≫ Ios Xe Version3.18.3vs

03.03.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Cisco IOS Software and Cisco IOS XE Software UDP Packet Processing Denial-of-Service Vulnerability

Vulnerability

A vulnerability in the UDP processing code of Cisco IOS and IOS XE could allow an unauthenticated, remote attacker to cause the input queue of an affected system to hold UDP packets, causing an interface queue wedge and denial of service.

Description

Apply updates per vendor instructions.

Required actions

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	10.89%	0.927

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-404 Improper Resource Shutdown or Release

The product does not release or incorrectly releases a resource before it is made available for re-use.

http://www.securityfocus.com/bid/100644

Third Party Advisory

VDB Entry

http://www.securitytracker.com/id/1039289

Third Party Advisory

VDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-ios-udp

Vendor Advisory

Mitigation

https://nvd.nist.gov/vuln/detail/CVE-2017-6627

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-6627

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-6627

EUVD