Skip to main content

Unified Computing System CVE-2017-6633

HIGH
Buffer Overflow (CWE-119)
2017-05-22 psirt@cisco.com
7.5
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
May 22, 2017 - 01:29 cve.org
HIGH 7.5

DescriptionCVE.org

A vulnerability in the TCP throttling process of Cisco UCS C-Series Rack Servers 3.0(0.234) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient rate-limiting protection. An attacker could exploit this vulnerability by sending a high rate of TCP SYN packets to a specific TCP listening port on an affected device. An exploit could allow the attacker to cause a specific TCP listening port to stop accepting new connections, resulting in a DoS condition. Cisco Bug IDs: CSCva65544.

AnalysisAI

A vulnerability in the TCP throttling process of Cisco UCS C-Series Rack Servers 3.0(0.234) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Buffer Overflow (CWE-119), which allows attackers to corrupt memory to execute arbitrary code or crash the application. A vulnerability in the TCP throttling process of Cisco UCS C-Series Rack Servers 3.0(0.234) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient rate-limiting protection. An attacker could exploit this vulnerability by sending a high rate of TCP SYN packets to a specific TCP listening port on an affected device. An exploit could allow the attacker to cause a specific TCP listening port to stop accepting new connections, resulting in a DoS condition. Cisco Bug IDs: CSCva65544. Affected products include: Cisco Unified Computing System.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use memory-safe languages or bounds-checking. Enable ASLR, DEP/NX, stack canaries. Use safe string functions.

CVE-2015-6435 CRITICAL POC
9.8 Jan 22

An unspecified CGI script in Cisco FX-OS before 1.1.2 on Firepower 9000 devices and Cisco Unified Computing System (UCS)

CVE-2021-1368 HIGH
8.8 Feb 24

A vulnerability in the Unidirectional Link Detection (UDLD) feature of Cisco FXOS Software and Cisco NX-OS Software coul

CVE-2019-1907 HIGH
8.8 Aug 21

A vulnerability in the web server of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote a

CVE-2019-1865 HIGH
8.8 Aug 21

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could all

CVE-2019-1864 HIGH
8.8 Aug 21

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could all

CVE-2018-0431 HIGH
8.8 Oct 05

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could all

CVE-2018-0430 HIGH
8.8 Oct 05

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could all

CVE-2015-0718 HIGH
7.5 Mar 03

Cisco NX-OS 4.0 through 6.1 on Nexus 1000V 3000, 4000, 5000, 6000, and 7000 devices and Unified Computing System (UCS) p

CVE-2012-4078 HIGH
8.5 Sep 24

The Baseboard Management Controller (BMC) in Cisco Unified Computing System (UCS) does not properly handle SSH escape se

CVE-2021-1387 HIGH
8.6 Feb 24

A vulnerability in the network stack of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a

CVE-2019-1863 HIGH
8.1 Aug 21

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could all

CVE-2019-1632 HIGH
8.0 Jun 20

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an aut

Share

CVE-2017-6633 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy