CVE-2017-6678Improper Handling of Exceptional Conditions in Cisco Virtualized Packet Core

CWE-399CWE-755Improper Handling of Exceptional Conditions4 documents4 sources
Severity
7.5HIGHNVD
EPSS
0.5%
top 34.68%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Virtualized Packet Core
Timeline
PublishedJun 26
Latest updateMay 13

Description

A vulnerability in the ingress UDP packet processing functionality of Cisco Virtualized Packet Core-Distributed Instance (VPC-DI) Software 19.2 through 21.0 could allow an unauthenticated, remote attacker to cause both control function (CF) instances on an affected system to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient handling of user-supplied data by the affected software. An attacker could exploit this vulnerability by sending crafted UDP

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-v4pq-j6r7-9qhv: A vulnerability in the ingress UDP packet processing functionality of Cisco Virtualized Packet Core-Distributed Instance (VPC-DI) Software 192022-05-13
CVEList
CVE-2017-6678: A vulnerability in the ingress UDP packet processing functionality of Cisco Virtualized Packet Core-Distributed Instance (VPC-DI) Software 192017-06-26

📋Vendor Advisories

1
Cisco
Cisco Virtualized Packet Core-Distributed Instance Denial of Service Vulnerability2017-06-21
CVE-2017-6678 — Cisco vulnerability | cvebase