CVE-2017-6633 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Cisco Unified Computing System

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer4 documents4 sources

Severity

7.5HIGHNVD

EPSS

0.8%

top 26.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Unified Computing System

Timeline

PublishedMay 22

Latest updateMay 17

Description

A vulnerability in the TCP throttling process of Cisco UCS C-Series Rack Servers 3.0(0.234) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient rate-limiting protection. An attacker could exploit this vulnerability by sending a high rate of TCP SYN packets to a specific TCP listening port on an affected device. An exploit could allow the attacker to cause a specific TCP listening port to stop…

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

▶NVDcisco/unified_computing_system3.0\(0.234\)

🔴Vulnerability Details

GHSA

GHSA-g9pg-mx97-6ghh: A vulnerability in the TCP throttling process of Cisco UCS C-Series Rack Servers 3↗2022-05-17

▶

CVEList

CVE-2017-6633: A vulnerability in the TCP throttling process of Cisco UCS C-Series Rack Servers 3↗2017-05-22

▶

📋Vendor Advisories

Cisco

Cisco UCS C-Series Rack Servers TCP Port Denial of Service Vulnerability↗2017-05-17

▶