CVE-2017-6633 - OpenCVE

A vulnerability in the TCP throttling process of Cisco UCS C-Series Rack Servers 3.0(0.234) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient rate-limiting protection. An attacker could exploit this vulnerability by sending a high rate of TCP SYN packets to a specific TCP listening port on an affected device. An exploit could allow the attacker to cause a specific TCP listening port to stop accepting new connections, resulting in a DoS condition. Cisco Bug IDs: CSCva65544.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cisco	Ucs C220 M4 Rack Server Ucs C240 M4 Rack Server Ucs C3160 Rack Server Ucs C460 M4 Rack Server Unified Computing System

Configuration 1 [-]

AND

cpe:2.3:a:cisco:unified_computing_system:3.0\(0.234\):*:*:*:*:*:*:*

OR	cpe:2.3:h:cisco:ucs_c220_m4_rack_server:-:::::::*
	cpe:2.3:h:cisco:ucs_c240_m4_rack_server:-:::::::*
	cpe:2.3:h:cisco:ucs_c3160_rack_server:-:::::::*
	cpe:2.3:h:cisco:ucs_c460_m4_rack_server:-:::::::*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/98525
http://www.securitytracker.com/id/1038513
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-ucsc

History

No history.

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2017-05-22T01:00:00

Updated: 2024-08-05T15:33:20.472Z

Reserved: 2017-03-09T00:00:00

Link: CVE-2017-6633

Vulnrichment

No data.

NVD

Status : Modified

Published: 2017-05-22T01:29:00.273

Modified: 2017-07-08T01:29:13.927

Link: CVE-2017-6633

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Cisco UCS C-Series Rack Servers", "vendor": "n/a", "versions": [{"status": "affected", "version": "Cisco UCS C-Series Rack Servers"}]}], "datePublic": "2017-05-21T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability in the TCP throttling process of Cisco UCS C-Series Rack Servers 3.0(0.234) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient rate-limiting protection. An attacker could exploit this vulnerability by sending a high rate of TCP SYN packets to a specific TCP listening port on an affected device. An exploit could allow the attacker to cause a specific TCP listening port to stop accepting new connections, resulting in a DoS condition. Cisco Bug IDs: CSCva65544."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-119", "description": "CWE-119", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2017-07-07T09:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "1038513", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1038513"}, {"name": "98525", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/98525"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-ucsc"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2017-6633", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cisco UCS C-Series Rack Servers", "version": {"version_data": [{"version_value": "Cisco UCS C-Series Rack Servers"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the TCP throttling process of Cisco UCS C-Series Rack Servers 3.0(0.234) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient rate-limiting protection. An attacker could exploit this vulnerability by sending a high rate of TCP SYN packets to a specific TCP listening port on an affected device. An exploit could allow the attacker to cause a specific TCP listening port to stop accepting new connections, resulting in a DoS condition. Cisco Bug IDs: CSCva65544."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-119"}]}]}, "references": {"reference_data": [{"name": "1038513", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038513"}, {"name": "98525", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98525"}, {"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-ucsc", "refsource": "CONFIRM", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-ucsc"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T15:33:20.472Z"}, "title": "CVE Program Container", "references": [{"name": "1038513", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1038513"}, {"name": "98525", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/98525"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-ucsc"}]}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2017-6633", "datePublished": "2017-05-22T01:00:00", "dateReserved": "2017-03-09T00:00:00", "dateUpdated": "2024-08-05T15:33:20.472Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:unified_computing_system:3.0\\(0.234\\):*:*:*:*:*:*:*", "matchCriteriaId": "E07F70AD-B096-421F-9E67-2B047023B1A8", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ucs_c220_m4_rack_server:-:*:*:*:*:*:*:*", "matchCriteriaId": "F44380FC-71DA-46ED-B143-339EA81F5325", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ucs_c240_m4_rack_server:-:*:*:*:*:*:*:*", "matchCriteriaId": "24DE28E4-C9BD-4710-A6CA-AC171804AFC7", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ucs_c3160_rack_server:-:*:*:*:*:*:*:*", "matchCriteriaId": "66B6516F-D8A5-4A5A-B7EB-EBA2856F2334", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:ucs_c460_m4_rack_server:-:*:*:*:*:*:*:*", "matchCriteriaId": "4A7939EC-521A-434C-B990-7DA4D227140C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the TCP throttling process of Cisco UCS C-Series Rack Servers 3.0(0.234) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient rate-limiting protection. An attacker could exploit this vulnerability by sending a high rate of TCP SYN packets to a specific TCP listening port on an affected device. An exploit could allow the attacker to cause a specific TCP listening port to stop accepting new connections, resulting in a DoS condition. Cisco Bug IDs: CSCva65544."}, {"lang": "es", "value": "Vulnerabilidad en el proceso de limitaci\u00f3n de TCP de Cisco UCS C-Series Rack Servers 3.0 (0.234) podr\u00eda permitir a un atacante remoto no autenticado causar una condici\u00f3n de denegaci\u00f3n de servicio (DoS) en un dispositivo afectado. La vulnerabilidad se debe a la insuficiencia de la limitaci\u00f3n de la protecci\u00f3n. Un atacante podr\u00eda explotar esta vulnerabilidad enviando una alta tasa de paquetes TCP SYN a un puerto de escucha TCP espec\u00edfico en un dispositivo afectado. Un exploit podr\u00eda permitir al atacante hacer que un puerto de escucha espec\u00edfico de TCP dejara de aceptar nuevas conexiones, resultando en una condici\u00f3n DoS. ID de errores de Cisco: CSCva65544."}], "id": "CVE-2017-6633", "lastModified": "2017-07-08T01:29:13.927", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-05-22T01:29:00.273", "references": [{"source": "ykramarz@cisco.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/98525"}, {"source": "ykramarz@cisco.com", "url": "http://www.securitytracker.com/id/1038513"}, {"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-ucsc"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-119"}], "source": "ykramarz@cisco.com", "type": "Secondary"}]}