Sign-up

ID

VAR-201705-3655


CVE

CVE-2017-6633


TITLE

Cisco UCS C Series rack server TCP Service disruption in throttling process (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2017-004376

DESCRIPTION

A vulnerability in the TCP throttling process of Cisco UCS C-Series Rack Servers 3.0(0.234) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient rate-limiting protection. An attacker could exploit this vulnerability by sending a high rate of TCP SYN packets to a specific TCP listening port on an affected device. An exploit could allow the attacker to cause a specific TCP listening port to stop accepting new connections, resulting in a DoS condition. Cisco Bug IDs: CSCva65544. Vendors have confirmed this vulnerability Bug ID CSCva65544 It is released as.Remote attacker could disrupt service operation (DoS) There is a possibility of being put into a state. CiscoUCSC-SeriesRackServers are UCSC series rack servers from Cisco. A denial of service vulnerability exists in TCPthrottlingprocess in the CiscoUCSC-SeriesRackServers 3.0 (0.234) release. Cisco Unified Computing System C-Series Rack Servers are prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to cause a denial-of-service condition, denying service to legitimate users

Trust: 2.52

sources: NVD: CVE-2017-6633 // JVNDB: JVNDB-2017-004376 // CNVD: CNVD-2017-07504 // BID: 98525 // VULHUB: VHN-114836

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-07504

AFFECTED PRODUCTS

vendor:ciscomodel:unified computing systemscope:eqversion:3.0\(0.234\)

Trust: 1.6

vendor:ciscomodel:unified computing system softwarescope:eqversion:3.0(0.234)

Trust: 0.8

vendor:ciscomodel:ucs c-series rack serversscope:eqversion:3.0(0.234)

Trust: 0.6

vendor:ciscomodel:unified computing system c-series rack serversscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:unified computing systemscope:eqversion:3.0(0.234)

Trust: 0.3

vendor:ciscomodel:unified computing system 3.1scope:neversion: -

Trust: 0.3

vendor:ciscomodel:unified computing system 3.0scope:neversion: -

Trust: 0.3

sources: CNVD: CNVD-2017-07504 // BID: 98525 // JVNDB: JVNDB-2017-004376 // CNNVD: CNNVD-201705-912 // NVD: CVE-2017-6633

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-6633
value: HIGH

Trust: 1.0

NVD: CVE-2017-6633
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-07504
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201705-912
value: MEDIUM

Trust: 0.6

VULHUB: VHN-114836
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-6633
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-07504
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-114836
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-6633
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-07504 // VULHUB: VHN-114836 // JVNDB: JVNDB-2017-004376 // CNNVD: CNNVD-201705-912 // NVD: CVE-2017-6633

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-114836 // JVNDB: JVNDB-2017-004376 // NVD: CVE-2017-6633

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201705-912

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201705-912

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-004376

PATCH
title:cisco-sa-20170517-ucscurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-ucsc
Trust: 0.8
title:Patch for CiscoUCSC-SeriesRackServers Denial of Service Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/94436
Trust: 0.6
title:Cisco UCS C-Series Rack Servers Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70405
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-07504 // 
            
            
            
            JVNDB: JVNDB-2017-004376 // 
            
            
            
            CNNVD: CNNVD-201705-912

EXTERNAL IDS
db:NVDid:CVE-2017-6633
Trust: 3.4
db:BIDid:98525
Trust: 2.0
db:SECTRACKid:1038513
Trust: 1.1
db:JVNDBid:JVNDB-2017-004376
Trust: 0.8
db:CNNVDid:CNNVD-201705-912
Trust: 0.7
db:CNVDid:CNVD-2017-07504
Trust: 0.6
db:NSFOCUSid:36741
Trust: 0.6
db:VULHUBid:VHN-114836
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-07504 // 
            
            
            
            VULHUB: VHN-114836 // 
            
            
            
            BID: 98525 // 
            
            
            
            JVNDB: JVNDB-2017-004376 // 
            
            
            
            CNNVD: CNNVD-201705-912 // 
            
            
            
            NVD: CVE-2017-6633

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170517-ucsc
Trust: 2.6
url:http://www.securityfocus.com/bid/98525
Trust: 1.1
url:http://www.securitytracker.com/id/1038513
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6633
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-6633
Trust: 0.8
url:http://www.nsfocus.net/vulndb/36741
Trust: 0.6
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2017-07504 // 
            
            
            
            VULHUB: VHN-114836 // 
            
            
            
            BID: 98525 // 
            
            
            
            JVNDB: JVNDB-2017-004376 // 
            
            
            
            CNNVD: CNNVD-201705-912 // 
            
            
            
            NVD: CVE-2017-6633

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 98525

SOURCES
db:CNVDid:CNVD-2017-07504
db:VULHUBid:VHN-114836
db:BIDid:98525
db:JVNDBid:JVNDB-2017-004376
db:CNNVDid:CNNVD-201705-912
db:NVDid:CVE-2017-6633

LAST UPDATE DATE
2024-11-23T22:42:10.960000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-07504date:2017-05-26T00:00:00
db:VULHUBid:VHN-114836date:2017-07-08T00:00:00
db:BIDid:98525date:2017-05-17T00:00:00
db:JVNDBid:JVNDB-2017-004376date:2017-06-23T00:00:00
db:CNNVDid:CNNVD-201705-912date:2017-05-22T00:00:00
db:NVDid:CVE-2017-6633date:2024-11-21T03:30:10.683

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-07504date:2017-05-26T00:00:00
db:VULHUBid:VHN-114836date:2017-05-22T00:00:00
db:BIDid:98525date:2017-05-17T00:00:00
db:JVNDBid:JVNDB-2017-004376date:2017-06-23T00:00:00
db:CNNVDid:CNNVD-201705-912date:2017-05-22T00:00:00
db:NVDid:CVE-2017-6633date:2017-05-22T01:29:00.273