Details of VAR-201709-1071

ID

VAR-201709-1071

CVE

CVE-2017-6627

TITLE

Cisco IOS and IOS XE Vulnerability in improper shutdown and release of resources in

Trust: 0.8

sources: JVNDB: JVNDB-2017-007841

DESCRIPTION

A vulnerability in the UDP processing code of Cisco IOS 15.1, 15.2, and 15.4 and IOS XE 3.14 through 3.18 could allow an unauthenticated, remote attacker to cause the input queue of an affected system to hold UDP packets, causing an interface queue wedge and a denial of service (DoS) condition. The vulnerability is due to Cisco IOS Software application changes that create UDP sockets and leave the sockets idle without closing them. An attacker could exploit this vulnerability by sending UDP packets with a destination port of 0 to an affected device. A successful exploit could allow the attacker to cause UDP packets to be held in the input interfaces queue, resulting in a DoS condition. The input interface queue will stop holding UDP packets when it receives 250 packets. Cisco Bug IDs: CSCup10024, CSCva55744, CSCva95506. Cisco IOS and IOS XE contains a vulnerability related to improper shutdown and release of resources. Vendors must Bug ID CSCup10024 , CSCva55744 ,and CSCva95506 It is published as.Service operation interruption (DoS) It may be in a state. Both Cisco IOS and IOSXE are operating systems developed by Cisco for its network devices. UDPprocessing is one of the UDP (User Datagram Protocol) protocol handlers. Attackers can exploit this issue to crash the affected application, denying service to legitimate users

Trust: 2.61

sources: NVD: CVE-2017-6627 // JVNDB: JVNDB-2017-007841 // CNVD: CNVD-2017-32521 // BID: 100644 // VULHUB: VHN-114830 // VULMON: CVE-2017-6627

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-32521

AFFECTED PRODUCTS

vendor:	cisco	model:	ios	scope:	eq	version:	15.1\(2\)gc2	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	15.4\(3\)m3	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	15.4\(1\)t2	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.15.1s	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.16.4as	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	15.1\(4\)gc	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	15.4\(3\)m6a	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.14.1s	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	15.2\(4\)gc2	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	15.2\(3\)gc	Trust: 1.6
vendor:	cisco	model:	ios	scope:	eq	version:	15.4\(2\)t1	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.2\(1\)gc2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.16.1as	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.18.1s	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.1\(2\)gc1	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.1\(4\)gc2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.16.1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.18.3s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.14.0s	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.4\(3\)m1	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.2\(2\)gc	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.2\(4\)gc	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.4\(3\)m4	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.15.0s	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.4\(1\)t	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.4\(3\)m2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.16.2as	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.16.4s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.18.0as	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.16.0cs	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.15.4s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.16.4bs	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.4\(3\)m5	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.2\(4\)gc1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.16.3s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.16.4ds	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.18.3vs	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.15.2s	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.4\(1\)t4	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.14.3s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.15.1cs	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.17.1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.17.1as	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.14.4s	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.4\(3\)m7	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.4\(3\)m	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.15.3s	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.2\(3r\)gca	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.4\(3\)m2.2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.18.2s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.16.5s	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.4\(3\)m6	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.4\(2\)t	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.14.2s	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.4\(1\)t1	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.4\(2\)t2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.16.3as	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.2\(1\)gc	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.16.6s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.18.0s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.17.3s	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.1\(4\)gc1	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.2\(1\)gc1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.16.2bs	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.1\(2\)gc	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.17.0s	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.2\(3\)gc1	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.2\(4\)gc3	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.16.2s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.16.0s	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.4\(1\)t3	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco ios xe	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	cisco ios	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	ios	scope:	eq	version:	15.4	Trust: 0.6
vendor:	cisco	model:	ios	scope:	eq	version:	15.1	Trust: 0.6
vendor:	cisco	model:	ios	scope:	eq	version:	15.2	Trust: 0.6
vendor:	cisco	model:	ios xe	scope:	gte	version:	3.14<=3.18	Trust: 0.6
vendor:	cisco	model:	ios	scope:	eq	version:	16.3(1)	Trust: 0.3
vendor:	cisco	model:	ios 15.4 t	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	ios	scope:	ne	version:	16.3.3	Trust: 0.3
vendor:	cisco	model:	ios 16.3.3a	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios	scope:	ne	version:	16.3(2.21)	Trust: 0.3
vendor:	cisco	model:	ios 15.4 m8	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.4 t3	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	ios 15.4 t2.1	scope:	ne	version:	-	Trust: 0.3

sources: CNVD: CNVD-2017-32521 // BID: 100644 // JVNDB: JVNDB-2017-007841 // CNNVD: CNNVD-201709-222 // NVD: CVE-2017-6627

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-6627
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-6627
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2017-32521
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201709-222
value:	HIGH
Trust: 0.6
VULHUB:	VHN-114830
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2017-6627
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-6627
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2017-32521
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-114830
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-6627
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2017-6627
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2017-32521 // VULHUB: VHN-114830 // VULMON: CVE-2017-6627 // JVNDB: JVNDB-2017-007841 // CNNVD: CNNVD-201709-222 // NVD: CVE-2017-6627

PROBLEMTYPE DATA

problemtype:	CWE-399	Trust: 1.1
problemtype:	CWE-404	Trust: 1.1
problemtype:	Improper shutdown and release of resources (CWE-404) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-114830 // JVNDB: JVNDB-2017-007841 // NVD: CVE-2017-6627

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201709-222

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201709-222

PATCH

title:	cisco-sa-20170906-ios-udp	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-ios-udp	Trust: 0.8
title:	Patch for Cisco IOS and Cisco IOSXE Denial of Service Vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/104343	Trust: 0.6
title:	Cisco IOS and IOS XE Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=74577	Trust: 0.6
title:	Cisco: Cisco IOS and Cisco IOS XE Software UDP Packet Processing Denial of Service Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20170906-ios-udp	Trust: 0.1
title:	Known Exploited Vulnerabilities Detector	url:	https://github.com/Ostorlab/KEV	Trust: 0.1

sources: CNVD: CNVD-2017-32521 // VULMON: CVE-2017-6627 // JVNDB: JVNDB-2017-007841 // CNNVD: CNNVD-201709-222

EXTERNAL IDS

db:	NVD	id:	CVE-2017-6627	Trust: 4.3
db:	BID	id:	100644	Trust: 2.7
db:	SECTRACK	id:	1039289	Trust: 1.8
db:	JVNDB	id:	JVNDB-2017-007841	Trust: 0.8
db:	CNNVD	id:	CNNVD-201709-222	Trust: 0.7
db:	CNVD	id:	CNVD-2017-32521	Trust: 0.6
db:	VULHUB	id:	VHN-114830	Trust: 0.1
db:	VULMON	id:	CVE-2017-6627	Trust: 0.1

sources: CNVD: CNVD-2017-32521 // VULHUB: VHN-114830 // VULMON: CVE-2017-6627 // BID: 100644 // JVNDB: JVNDB-2017-007841 // CNNVD: CNNVD-201709-222 // NVD: CVE-2017-6627

REFERENCES

url:	http://www.securityfocus.com/bid/100644	Trust: 2.5
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170906-ios-udp	Trust: 2.1
url:	http://www.securitytracker.com/id/1039289	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-6627	Trust: 1.4
url:	https://cisa.gov/known-exploited-vulnerabilities-catalog	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/404.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170906-ios-udp	Trust: 0.1
url:	https://github.com/ostorlab/kev	Trust: 0.1

sources: CNVD: CNVD-2017-32521 // VULHUB: VHN-114830 // VULMON: CVE-2017-6627 // BID: 100644 // JVNDB: JVNDB-2017-007841 // CNNVD: CNNVD-201709-222 // NVD: CVE-2017-6627

CREDITS

Cisco.

Trust: 0.3

sources: BID: 100644

SOURCES

db:	CNVD	id:	CNVD-2017-32521
db:	VULHUB	id:	VHN-114830
db:	VULMON	id:	CVE-2017-6627
db:	BID	id:	100644
db:	JVNDB	id:	JVNDB-2017-007841
db:	CNNVD	id:	CNNVD-201709-222
db:	NVD	id:	CVE-2017-6627

LAST UPDATE DATE

2024-11-23T22:59:14.355000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-32521	date:	2017-11-02T00:00:00
db:	VULHUB	id:	VHN-114830	date:	2019-10-09T00:00:00
db:	VULMON	id:	CVE-2017-6627	date:	2019-10-09T00:00:00
db:	BID	id:	100644	date:	2017-09-06T00:00:00
db:	JVNDB	id:	JVNDB-2017-007841	date:	2024-03-06T05:48:00
db:	CNNVD	id:	CNNVD-201709-222	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2017-6627	date:	2024-11-21T03:30:09.710

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-32521	date:	2017-11-02T00:00:00
db:	VULHUB	id:	VHN-114830	date:	2017-09-07T00:00:00
db:	VULMON	id:	CVE-2017-6627	date:	2017-09-07T00:00:00
db:	BID	id:	100644	date:	2017-09-06T00:00:00
db:	JVNDB	id:	JVNDB-2017-007841	date:	2017-10-03T00:00:00
db:	CNNVD	id:	CNNVD-201709-222	date:	2017-09-12T00:00:00
db:	NVD	id:	CVE-2017-6627	date:	2017-09-07T21:29:00.660