CVE-2017-6653

Severity Score

7.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A vulnerability in the TCP throttling process for the GUI of the Cisco Identity Services Engine (ISE) 2.1(0.474) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device where the ISE GUI may fail to respond to new or established connection requests. The vulnerability is due to insufficient TCP rate limiting protection on the GUI. An attacker could exploit this vulnerability by sending the affected device a high rate of TCP connections to the GUI. An exploit could allow the attacker to cause the GUI to stop responding while the high rate of connections is in progress. Cisco Bug IDs: CSCvc81803.

Una vulnerabilidad en el proceso de limitación de TCP para la GUI de Identity Services Engine (ISE) versión 2.1(0.474) de Cisco, podría permitir a un atacante no autenticado remoto causar una condición de denegación de servicio (DoS) en un dispositivo afectado en el que la GUI de ISE puede cometer fallos para responder a peticiones de conexión nuevas o establecidas. La vulnerabilidad es debido a una protección de limitación de velocidad de TCP insuficiente en la GUI. Un atacante podría explotar esta vulnerabilidad mediante el envío del dispositivo afectado de una alta tasa de conexiones TCP hacia la GUI. Una explotación podría permitir al atacante hacer que la GUI deje de responder mientras la alta tasa de conexiones está en progreso. IDs de Bug de Cisco: CSCvc81803.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2017-03-09 CVE Reserved
2017-05-22 CVE Published
2023-03-07 EPSS Updated
2024-08-05 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-399: Resource Management Errors
CWE-770: Allocation of Resources Without Limits or Throttling

CAPEC

References (3)

URL	Tag	Source
http://www.securityfocus.com/bid/98536	Third Party Advisory
http://www.securitytracker.com/id/1038516	Vdb Entry

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-ise	2019-10-03

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Cisco Search vendor "Cisco"		Identity Services Engine Search vendor "Cisco" for product "Identity Services Engine"				2.1\(0.474\) Search vendor "Cisco" for product "Identity Services Engine" and version "2.1\(0.474\)"		-		Affected