⚠ Actively exploited
Added to CISA KEV on 2022-03-03. Federal agencies required to patch by 2022-03-24. Required action: Apply updates per vendor instructions.

CVE-2017-6627: Improper Resource Shutdown or Release in Cisco IOS

Severity: 7.5 HIGH (NVD)
EPSS: 10.8% (top 6.62%)
CISA KEV: Added 2022-03-03, due 2022-03-24
Exploit: Exploited in wild (active exploitation observed)

Timeline
Published: Sep 7
KEV added: Mar 3
KEV due: Mar 24
Latest update: May 13

Description

A vulnerability in the UDP processing code of Cisco IOS 15.1, 15.2, and 15.4 and IOS XE 3.14 through 3.18 could allow an unauthenticated, remote attacker to cause the input queue of an affected system to hold UDP packets, causing an interface queue wedge and a denial of service (DoS) condition. The vulnerability is due to Cisco IOS Software application changes that create UDP sockets and leave the sockets idle without closing them. An attacker could exploit this vulnerability by sending UDP pack

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (2 packages)

NVD: cisco/ios (35 versions)
NVD: cisco/ios_xe (36 versions)

🔴 Vulnerability Details (3)

GHSA: GHSA-c93x-vxh6-pfqp: A vulnerability in the UDP processing code of Cisco IOS 15 (2022-05-13)
CVEList: CVE-2017-6627: A vulnerability in the UDP processing code of Cisco IOS 15 (2017-09-07)
VulnCheck: Cisco IOS Software and Cisco IOS XE Software UDP Packet Processing Denial-of-Service Vulnerability (2017)

📋 Vendor Advisories (2)

CISA: Cisco IOS Software and Cisco IOS XE Software UDP Packet Processing Denial-of-Service Vulnerability (2022-03-03)
Cisco: Cisco IOS and Cisco IOS XE Software UDP Packet Processing Denial of Service Vulnerability (2017-09-06)
CVE-2017-6627 — Improper Resource Shutdown or Release | cvebase