Details of VAR-201709-1081

ID

VAR-201709-1081

CVE

CVE-2017-6780

TITLE

Cisco IoT Field Network Director Resource management vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-007989

DESCRIPTION

A vulnerability in the TCP throttling process for Cisco IoT Field Network Director (IoT-FND) could allow an unauthenticated, remote attacker to cause the system to consume additional memory, eventually forcing the device to restart, aka Memory Exhaustion. The vulnerability is due to insufficient rate-limiting protection. An attacker could exploit this vulnerability by sending a high rate of TCP packets to a specific group of open listening ports on a targeted device. An exploit could allow the attacker to cause the system to consume additional memory. If enough available memory is consumed, the system will restart, creating a temporary denial of service (DoS) condition. The DoS condition will end after the device has finished the restart process. This vulnerability affects the following Cisco products: Connected Grid Network Management System, if running a software release prior to IoT-FND Release 4.0; IoT Field Network Director, if running a software release prior to IoT-FND Release 4.0. Cisco Bug IDs: CSCvc77164. Vendors have confirmed this vulnerability Bug ID CSCvc77164 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. The system has functions such as equipment management, asset tracking and intelligent metering. Prior to Cisco IoT-FND 4.0, the TCP throttling process had a denial of service vulnerability, which originated from the program's insufficient execution rate limiting protection. Successful exploitation of the issue will cause excessive memory consumption and restart the affected application, resulting in a denial-of-service condition

Trust: 3.06

sources: NVD: CVE-2017-6780 // JVNDB: JVNDB-2017-007989 // CNVD: CNVD-2017-32525 // CNNVD: CNNVD-201709-220 // BID: 100641 // VULHUB: VHN-114983

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-32525

AFFECTED PRODUCTS

vendor:	cisco	model:	iot field network director	scope:	lte	version:	3.2.0-182	Trust: 1.0
vendor:	cisco	model:	connected grid network management system	scope:	lte	version:	3.0\(0.54\)	Trust: 1.0
vendor:	cisco	model:	connected grid network management system	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	iot field network director	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	iot field network director	scope:	lt	version:	4.0	Trust: 0.6
vendor:	cisco	model:	connected grid network management system	scope:	eq	version:	3.0\(0.54\)	Trust: 0.6
vendor:	cisco	model:	iot field network director	scope:	eq	version:	3.2.0-182	Trust: 0.6
vendor:	cisco	model:	network level service	scope:	eq	version:	3.2(0.122)	Trust: 0.3
vendor:	cisco	model:	iot field network director	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	network level service	scope:	ne	version:	4.0(0.112)	Trust: 0.3
vendor:	cisco	model:	iot field network director	scope:	ne	version:	4.0	Trust: 0.3

sources: CNVD: CNVD-2017-32525 // BID: 100641 // JVNDB: JVNDB-2017-007989 // CNNVD: CNNVD-201709-220 // NVD: CVE-2017-6780

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-6780
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-6780
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2017-32525
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201709-220
value:	HIGH
Trust: 0.6
VULHUB:	VHN-114983
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2017-6780
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-32525
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-114983
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-6780
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2017-32525 // VULHUB: VHN-114983 // JVNDB: JVNDB-2017-007989 // CNNVD: CNNVD-201709-220 // NVD: CVE-2017-6780

PROBLEMTYPE DATA

problemtype:	CWE-399	Trust: 1.9
problemtype:	CWE-770	Trust: 1.1

sources: VULHUB: VHN-114983 // JVNDB: JVNDB-2017-007989 // NVD: CVE-2017-6780

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201709-220

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201709-220

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-007989

PATCH

title:	cisco-sa-20170906-fnd	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-fnd	Trust: 0.8
title:	Patch for Cisco IoT Field Network Director Denial of Service Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/104293	Trust: 0.6
title:	Cisco IoT Field Network Director Remediation of resource management error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=100029	Trust: 0.6

sources: CNVD: CNVD-2017-32525 // JVNDB: JVNDB-2017-007989 // CNNVD: CNNVD-201709-220

EXTERNAL IDS

db:	NVD	id:	CVE-2017-6780	Trust: 3.4
db:	BID	id:	100641	Trust: 2.6
db:	JVNDB	id:	JVNDB-2017-007989	Trust: 0.8
db:	CNNVD	id:	CNNVD-201709-220	Trust: 0.7
db:	CNVD	id:	CNVD-2017-32525	Trust: 0.6
db:	VULHUB	id:	VHN-114983	Trust: 0.1

sources: CNVD: CNVD-2017-32525 // VULHUB: VHN-114983 // BID: 100641 // JVNDB: JVNDB-2017-007989 // CNNVD: CNNVD-201709-220 // NVD: CVE-2017-6780

REFERENCES

url:	http://www.securityfocus.com/bid/100641	Trust: 2.3
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170906-fnd	Trust: 2.0
url:	https://nvd.nist.gov/vuln/detail/cve-2017-6780	Trust: 1.4
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6780	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: CNVD: CNVD-2017-32525 // VULHUB: VHN-114983 // BID: 100641 // JVNDB: JVNDB-2017-007989 // CNNVD: CNNVD-201709-220 // NVD: CVE-2017-6780

CREDITS

Cisco

Trust: 0.3

sources: BID: 100641

SOURCES

db:	CNVD	id:	CNVD-2017-32525
db:	VULHUB	id:	VHN-114983
db:	BID	id:	100641
db:	JVNDB	id:	JVNDB-2017-007989
db:	CNNVD	id:	CNNVD-201709-220
db:	NVD	id:	CVE-2017-6780

LAST UPDATE DATE

2024-11-23T23:05:18.858000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-32525	date:	2017-11-02T00:00:00
db:	VULHUB	id:	VHN-114983	date:	2019-10-09T00:00:00
db:	BID	id:	100641	date:	2017-09-06T00:00:00
db:	JVNDB	id:	JVNDB-2017-007989	date:	2017-10-05T00:00:00
db:	CNNVD	id:	CNNVD-201709-220	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2017-6780	date:	2024-11-21T03:30:30.833

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-32525	date:	2017-11-02T00:00:00
db:	VULHUB	id:	VHN-114983	date:	2017-09-07T00:00:00
db:	BID	id:	100641	date:	2017-09-06T00:00:00
db:	JVNDB	id:	JVNDB-2017-007989	date:	2017-10-05T00:00:00
db:	CNNVD	id:	CNNVD-201709-220	date:	2017-09-07T00:00:00
db:	NVD	id:	CVE-2017-6780	date:	2017-09-07T21:29:00.740