// For flags

CVE-2017-6633

 

Severity Score

7.5
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A vulnerability in the TCP throttling process of Cisco UCS C-Series Rack Servers 3.0(0.234) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient rate-limiting protection. An attacker could exploit this vulnerability by sending a high rate of TCP SYN packets to a specific TCP listening port on an affected device. An exploit could allow the attacker to cause a specific TCP listening port to stop accepting new connections, resulting in a DoS condition. Cisco Bug IDs: CSCva65544.

Vulnerabilidad en el proceso de limitación de TCP de Cisco UCS C-Series Rack Servers 3.0 (0.234) podría permitir a un atacante remoto no autenticado causar una condición de denegación de servicio (DoS) en un dispositivo afectado. La vulnerabilidad se debe a la insuficiencia de la limitación de la protección. Un atacante podría explotar esta vulnerabilidad enviando una alta tasa de paquetes TCP SYN a un puerto de escucha TCP específico en un dispositivo afectado. Un exploit podría permitir al atacante hacer que un puerto de escucha específico de TCP dejara de aceptar nuevas conexiones, resultando en una condición DoS. ID de errores de Cisco: CSCva65544.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2017-03-09 CVE Reserved
  • 2017-05-22 CVE Published
  • 2023-03-07 EPSS Updated
  • 2024-08-05 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Cisco
Search vendor "Cisco"
Unified Computing System
Search vendor "Cisco" for product "Unified Computing System"
3.0\(0.234\)
Search vendor "Cisco" for product "Unified Computing System" and version "3.0\(0.234\)"
-
Affected
in Cisco
Search vendor "Cisco"
Ucs C220 M4 Rack Server
Search vendor "Cisco" for product "Ucs C220 M4 Rack Server"
--
Safe
Cisco
Search vendor "Cisco"
Unified Computing System
Search vendor "Cisco" for product "Unified Computing System"
3.0\(0.234\)
Search vendor "Cisco" for product "Unified Computing System" and version "3.0\(0.234\)"
-
Affected
in Cisco
Search vendor "Cisco"
Ucs C240 M4 Rack Server
Search vendor "Cisco" for product "Ucs C240 M4 Rack Server"
--
Safe
Cisco
Search vendor "Cisco"
Unified Computing System
Search vendor "Cisco" for product "Unified Computing System"
3.0\(0.234\)
Search vendor "Cisco" for product "Unified Computing System" and version "3.0\(0.234\)"
-
Affected
in Cisco
Search vendor "Cisco"
Ucs C3160 Rack Server
Search vendor "Cisco" for product "Ucs C3160 Rack Server"
--
Safe
Cisco
Search vendor "Cisco"
Unified Computing System
Search vendor "Cisco" for product "Unified Computing System"
3.0\(0.234\)
Search vendor "Cisco" for product "Unified Computing System" and version "3.0\(0.234\)"
-
Affected
in Cisco
Search vendor "Cisco"
Ucs C460 M4 Rack Server
Search vendor "Cisco" for product "Ucs C460 M4 Rack Server"
--
Safe